Check Point VSX Firewall
- What is Discovered and Monitored
- Event Types
- Rules
- Reports
- Configuration
- Settings for Access Credentials
What is Discovered and Monitored
FortiSIEM uses SNMP and LEA to discover the device and to collect logs, configurations and performance metrics.
Protocol | Information Discovered | Metrics collected | Used for |
---|---|---|---|
SNMP | Host name, Firewall model and version, Network interfaces | Uptime, CPU and Memory utilization, Network Interface metrics (utilization, bytes sent and received, packets sent and received, errors, discards and queue lengths), Firewall connection count | Availability and Performance Monitoring |
LEA | | All traffic and system logs | Security and Compliance |
Event Types
There are no event types defined specifically for this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Configuration
SNMP
FortiSIEM uses SNMP to discover and monitor this device. Make sure SNMP is enabled for the device as directed in its product documentation. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.
LEA
Add FortiSIEM as a Managed Node
- Log in to your Check Point SmartDomain Manager.
- In the Global Policies tab, select Multi-Domain Security Management, and then right-click to select Launch Global SmartDashboard.
- Select the Firewall tab.
- Click the Network Objects icon.
- Select Nodes, and then right-click to select Node > Host....
- Select General Properties.
- Enter a Name for your FortiSIEM host, like FortiSIEMVA.
- Enter the IP Address of your FortiSIEM virtual appliance.
- Click OK.
Create an OPSEC Application for FortiSIEM
- In the Firewall tab, click the Servers and OPSEC icon.
- Select OPSEC Applications, and then right-click to select New > OPSEC Application.
- Click the General tab.
- Enter a Name for your OPSEC application, like OPSEC_FortiSIEMVA.
- For Host, select the FortiSIEM host.
- Under Client Entities, select LEA and CPMI.
  For Check Point FireWall-1, also select SNMP.
- Click Communication.
- Enter a one-time password.
  This is the password you will use in setting up access credentials for your firewall in FortiSIEM.
- Click Initialize.
- Close and re-open the application.
- In the General tab, next to Communication, the DN field will now contain a value like CN=OPSEC_FortiSIEMVA,O=MDS..i6g4zq.
  This is the FortiSIEM Client SIC DN that you will need when you copy the secure internal communication certificates and set the access credentials for your firewall in FortiSIEM.
Create a Firewall Policy for FortiSIEM
- In Servers and OPSEC > OPSEC Applications, select your FortiSIEM application.
- In the Rules menu, select Top.
- Right-click SOURCE, then click Add and select your FortiSIEM virtual appliance.
- Right-click DESTINATION, then click Add and select your Check Point firewall.
- Right-click SERVICE, then click Add and select FW1_lea and CPMI.
  Also select snmp if you are configuring a Check Point FireWall-1 firewall.
- Right-click ACTION and select Accept.
- Right-click TRACK and select Log.
- Go to Policy > Install.
- Click OK.
- Go to OPSEC Applications and select your FortiSIEM application.
- In the General tab of the Properties window, make sure that the communications have been enabled between your firewall and FortiSIEM.
Copy Client SIC
- Go to Manage > Server and OPSEC Applications.
- Select OPSEC Application and then right-click to select your FortiSIEM application.
- Click Edit.
- Enter the SIC DN of your application.
Copy Server SIC
- In the Firewall tab, go to Manage.
- Click the Network Object icon, and then right-click to select Check Point Gateway.
- Click Edit.
- Enter the SIC DN.
- If there isn't a field to enter the SIC DN, click Test SIC Status and a dialog will display the SIC DN.
You can configure FortiSIEM to communicate with your device, and then initiate discovery of the device. For more information, refer to sections "Discovery Settings" and "Setting Credentials" in the User Guide.
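The client and server SIC DNs are copied by hand out of SmartDashboard dialogs, so a check before saving the credentials catches copy errors. The following is an added example, not part of the FortiSIEM or Check Point products; the function names, the `vsx-gw` gateway name and the sample inputs are constructed, and it assumes a DN has the `CN=...,O=...` shape shown above.

```python
import re

def parse_sic_dn(raw):
    """Parse a pasted SIC DN; return (components, problems)."""
    problems = []
    # Dialog copies often carry line breaks or spaces around '=' and ','.
    dn = re.sub(r"\s*([=,])\s*", r"\1", raw.strip())
    if dn != raw:
        problems.append("stray whitespace removed")
    parts = {}
    for rdn in dn.split(","):
        key, sep, value = rdn.partition("=")
        if not sep or not key or not value:
            problems.append(f"malformed component {rdn!r}")
            continue
        if key == "0":
            problems.append("attribute type is the digit 0, expected the letter O")
            key = "O"
        parts[key.upper()] = value
    for required in ("CN", "O"):  # assumed shape: CN=...,O=...
        if required not in parts:
            problems.append(f"missing {required}= component")
    return parts, problems

def check_credentials(app_name, client_dn, server_dn):
    """Return a list of problems to fix before saving the credentials."""
    client, c_probs = parse_sic_dn(client_dn)
    server, s_probs = parse_sic_dn(server_dn)
    problems = [f"client DN: {p}" for p in c_probs]
    problems += [f"server DN: {p}" for p in s_probs]
    # In the example on this page the client DN's CN is the OPSEC application name.
    if client.get("CN") not in (None, app_name):
        problems.append(f"client CN {client['CN']!r} is not application {app_name!r}")
    if client and client == server:
        problems.append("client and server DN are the same value")
    return problems

if __name__ == "__main__":
    # Constructed inputs: a client DN with a line break and a digit 0,
    # and a gateway DN for a hypothetical gateway object named vsx-gw.
    pasted_client = "CN=\nOPSEC_FortiSIEMVA,0=MDS..i6g4zq\n"
    pasted_server = "CN=vsx-gw,O=MDS..i6g4zq"
    for problem in check_credentials("OPSEC_FortiSIEMVA", pasted_client, pasted_server):
        print(problem)
```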
Settings for Access Credentials
Set these Access Method Definition values to allow FortiSIEM to communicate with your device.
Setting | Value |
---|---|
Name | <set name> |
Device Type | Checkpoint VSX |
Access Protocol | See Access Credentials |
Port | See Access Credentials |
Password config | See Password Configuration |