Configuring MLM for Check Point Provider-1 Firewalls
Prerequisites
- You must configure and discover your Check Point Provider-1 MDS before you configure the Multi-Domain Log Module (MLM). You will need the AO Client SIC that was generated when you created your FortiSIEM OPSEC application in the MDS to set up the access credentials for your MLM in FortiSIEM.
Discover Paired Components on the Same Collector or Supervisor
Discovery of the MLM requires the certificate of the MDS, and discovery of the CLM requires the certificate of the CMA. Make sure that you discover the MDS & MLM pair, and the CMA & CLM pair, on the same Supervisor or Collector. If you attempt to discover them on separate Collectors, discovery will fail.
Configuration
Get MLM Server SIC for Setting Up FortiSIEM Access Credentials
- Log in to your Check Point SmartDomain Manager.
- In the General tab, click Multi-Domain Server Contents.
- Right-click MLM and select Configure Multi-Domain Server....
- Next to Communication, note the value for DN.
You can now configure FortiSIEM to communicate with your device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.
Settings for Access Credentials
Settings for Check Point Provider-1 MLM SSLCA Access Credentials
Use these Access Method Definition settings to allow FortiSIEM to access your Check Point MLM over SSLCA.
| Setting | Value |
|---|---|
| Name | MLM |
| Device Type | Checkpoint Provider-1 MLM |
| Access Protocol | CheckPoint SSLCA |
| MLM IP | The IPS address of your module |
| Checkpoint LEA Port | The port used by LEA on your server |
| AO Client SIC | The DN number of your FortiSIEM OPSEC application |
| MLM Server SIC | The DN number of your MLM |
| CPMI Port | The port used by CPMI on your server |
| MDS IP | The IP address of your MDS server |