- You must first configure and discover the Check Point CLA and obtain the AO Client SIC before you can configure the Customer Log Module (CLM). The AO Client SIC is generated when you create the FortiSIEM OPSEC application.
Discover Paired Components on the Same Collector or Supervisor
Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.
- Log in to your Check Point SmartDomain Manager.
- Click the General tab.
- Select Domain Contents.
- Select the Domain Management Server and right-click to select Launch Application > Smart Dashboard.
- Select the Desktop tab.
- Click the Network Objects icon.
- Under Check Point, select the CLM host and double-click to open the General Properties dialog.
- Under Secure Internal Communication, click Test SIC Status... .
- In the SIC Status dialog, note the value for DN.
This is the CLM Server SIC that you will use in setting up access credentials for the CLM in FortiSIEM.
- Click Close.
- Click OK.
- In the Actions menu, select Policy > Install Database... .
- Select the MDS Server and the CLM, and then OK.
The database will install in both locations.
Settings for Check Point Provider-1 Firewall CLM SSLCA Access Credentials
Use these Access Method Definition settings to allow FortiSIEM to access your Check Point Provider-1 Firewall CMA. When you complete the access credentials, click Generate Certificate to establish access between your firewall and FortiSIEM.
|Device Type||Checkpoint Provider-1 CLM|
|Access Protocol||CheckPoint SSLCA|
|CLM IP||The IP address of the host where your CLM is located|
|Checkpoint LEA Port||The port used by LEA on your server|
|AO Client SIC||The DN number of your FortiSIEM OPSEC application|
|CLM Server SIC||The DN number of your server|
|CPMI Port||The port used by CPMI on your server|
|CMA IP||The IP address of the host where your CMA is located|