Configuring the Check Point OPSEC NG Connector

The Check Point FW-1/VPN-1 OPSEC NG connector can operate in clear channel mode (unauthenticated, unencrypted LEA) or in sslca mode (the LEA session is authenticated and encrypted with certificates issued by the Check Point internal CA). The procedure below covers sslca mode.

Note: The following stipulations apply to configuring the Check Point OPSEC NG Connector:

  • This procedure is supported only for ArcSight connector release 4.6.2 or later.

  • The terminology differs between the two products: what this procedure calls the Application object name is the OPSEC Application Object Name in Check Point, and what it calls the Password is the Communication Activation Key (the SIC activation key) in Check Point.

To configure a connector to operate in sslca mode:

On the Check Point SmartDashboard:

  1. Create an OPSEC Application Object using the Check Point SmartDashboard. Provide the following parameters when creating the application object:

    • Name: A meaningful name for the application object you are creating; for example, ArcSightLea-1. This name is used to pull the OPSEC certificate and is case sensitive.

    • Host: The hostname of the ArcSight Management Center system managing the connector.

    • Client Entities: Select LEA.

    • Secure Internal Communication: If no DN string is shown, initialize the communication by providing an activation key: click Communication > Initialize. The same activation key is entered as the Password when the certificate is pulled. The DN string shown after initialization is the SIC Name.

    After the object is created, note down the following information, which you will need when continuing configuration:

    • SIC Name: The DN string shown after you initialize communication, as described above.

    • SIC Entity Name: Double-click the Check Point Gateway name in the SmartDashboard to view its general properties. The SIC Entity Name is the SIC string configured in the general properties window.

    • Check Point IP address or hostname.

  2. Pull the Check Point certificate.

    To do so, run the Pull OPSEC Certificate command on the container to which you will be adding the connector. For detailed information about running a command on a container, see Sending a Command to a Container. Provide the following information when running the command:

    • Server hostname or IP address: The name or IP address of the Check Point server.

    • Application object name: The OPSEC Application object name you specified in the previous step. This parameter is case sensitive.

    • Password: The activation key you entered when creating the OPSEC application object in the previous step.

    If the certificate is pulled successfully, a message similar to this is displayed:

    OPSEC SIC name (CN=ArcSightLea-1,O=cpfw1.5ad8cn) was retrieved and stored in /opt/arcsight/connectors/<container name>/current/user/agent/checkpoint/<name>. Certificate was created successfully and written to "/opt/arcsight/connectors/<container name>/current/user/agent/checkpoint/ArcSightLea-1.opsec.p12".

    Note down the OPSEC SIC Name (CN=ArcSightLea-1,O=cpfw1.5ad8cn in the above example) and the file name (ArcSightLea-1.opsec.p12 in the above example). Copy the SIC Name exactly as displayed; the second component is the letter O (organization), not a zero.

    Tip: If the certificate is not pulled successfully, check that the Application object name you specified is correct (including the case), that the activation key matches the one entered when the object was initialized, and that the container on which you are running the command is up and running.

  3. Install the policy on the Check Point Gateway using the SmartDashboard so that the new LEA client is allowed to connect.

On Connector Appliance:

  1. Add a Check Point connector by following the instructions in Adding a Connector. Provide the following information:

    • Type: Check Point FW-1/VPN-1 OPSEC NG

    • Connection Type: SSLCA

    • Connector Table Parameters:

      Server IP: The IP address of the Check Point server.

      Server Port: The port on the server that listens for SSLCA connections. Use the default value 18184.

      OPSEC SIC Name: The SIC Name you noted in step 1 of the SmartDashboard procedure (the DN string of the OPSEC application object, for example CN=ArcSightLea-1,O=cpfw1.5ad8cn).

      OPSEC SSLCA File: The certificate file name you noted after pulling the certificate in step 2 of the SmartDashboard procedure (for example ArcSightLea-1.opsec.p12).

      OPSEC Entity SIC Name: The SIC Entity Name you noted in step 1 of the SmartDashboard procedure (the SIC string of the Check Point Gateway, not that of the application object).

  2. The connection test reports an error similar to the following:

    -1:[X] Unable to connect to the Lea Server[10.0.101.185] -1:1 connection test failed!

    Select the Ignore warnings check box, and then click Next.

  3. Continue to configure the rest of the connector as described under Adding a Connector.
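The values collected in the SmartDashboard procedure are easy to transcribe wrongly (a case change in the application object name, a zero typed for the letter O in the DN, the application object's SIC name pasted into the entity field), and the connector only reveals the mistake by failing to connect. The script below, added here and not part of the ArcSight or Check Point documentation, parses the Pull OPSEC Certificate success message, cross-checks it against the application object name and the gateway's SIC string, and assembles the connector table parameters for sslca mode. The success message and the DN strings are constructed samples modelled on the message quoted in step 2; the function names and the container name are assumptions of this example.

```python
"""Cross-check the values gathered for the Check Point OPSEC NG connector (sslca mode).

Added example, not code from ArcSight or Check Point. PULL_OUTPUT is a
constructed sample modelled on the message quoted in the procedure; the
container name "container1" and the helper names are assumptions.
"""
import re
from typing import Dict, List

LEA_SSLCA_PORT = 18184  # default LEA port for sslca connections, per the procedure

# Constructed sample of the message printed by "Pull OPSEC Certificate".
PULL_OUTPUT = (
    "OPSEC SIC name (CN=ArcSightLea-1,O=cpfw1.5ad8cn) was retrieved and stored in "
    "/opt/arcsight/connectors/container1/current/user/agent/checkpoint/ArcSightLea-1. "
    "Certificate was created successfully and written to "
    '"/opt/arcsight/connectors/container1/current/user/agent/checkpoint/ArcSightLea-1.opsec.p12".'
)

_SIC_RE = re.compile(r"OPSEC SIC name \(([^)]+)\)")
_FILE_RE = re.compile(r'written to "([^"]+)"')


def parse_dn(dn: str) -> Dict[str, str]:
    """Split a comma-separated DN such as CN=x,O=y into {ATTRIBUTE: value}."""
    attrs: Dict[str, str] = {}
    for rdn in dn.split(","):
        key, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        attrs[key.strip().upper()] = value.strip()
    return attrs


def parse_pull_output(text: str) -> Dict[str, str]:
    """Extract the SIC name and the .p12 path from the pull-certificate message."""
    sic = _SIC_RE.search(text)
    p12 = _FILE_RE.search(text)
    if sic is None or p12 is None:
        raise ValueError("message does not contain both a SIC name and a .p12 path")
    return {"sic_name": sic.group(1), "p12_path": p12.group(1)}


def certificate_problems(app_object_name: str, pull_output: str) -> List[str]:
    """Return mismatches between the pulled certificate and the application object.

    An empty list means: the CN equals the application object name with the
    same case (the name is case sensitive on Check Point), the DN carries an
    O= component (a zero typed for the letter O is a common transcription
    error), and the certificate file is <name>.opsec.p12.
    """
    problems: List[str] = []
    info = parse_pull_output(pull_output)
    dn = parse_dn(info["sic_name"])
    if dn.get("CN") != app_object_name:
        problems.append(f"CN {dn.get('CN')!r} != application object name {app_object_name!r}")
    if "O" not in dn:
        problems.append(f"no O= component in SIC name {info['sic_name']!r}")
    file_name = info["p12_path"].rsplit("/", 1)[-1]
    if file_name != f"{app_object_name}.opsec.p12":
        problems.append(f"unexpected certificate file name {file_name!r}")
    return problems


def build_connector_parameters(server_ip: str, app_object_name: str,
                               entity_sic_name: str, pull_output: str,
                               port: int = LEA_SSLCA_PORT) -> Dict[str, object]:
    """Assemble the sslca connector table parameters, refusing inconsistent input."""
    problems = certificate_problems(app_object_name, pull_output)
    info = parse_pull_output(pull_output)
    client_dn = parse_dn(info["sic_name"])
    entity_dn = parse_dn(entity_sic_name)
    if "CN" not in entity_dn:
        problems.append("entity SIC name has no CN= component")
    if entity_dn == client_dn:
        # The entity field wants the gateway's SIC string, not the application object's.
        problems.append("entity SIC name equals the application object's SIC name")
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "Server IP": server_ip,
        "Server Port": port,
        "OPSEC SIC Name": info["sic_name"],
        "OPSEC SSLCA File": info["p12_path"].rsplit("/", 1)[-1],
        "OPSEC Entity SIC Name": entity_sic_name,
    }


if __name__ == "__main__":
    # Gateway SIC string and server IP are constructed values for this example.
    for key, value in build_connector_parameters(
        "10.0.101.185", "ArcSightLea-1", "CN=cp_mgmt,O=cpfw1.5ad8cn", PULL_OUTPUT
    ).items():
        print(f"{key}: {value}")
```

Run it with the real message pasted into PULL_OUTPUT and the gateway's SIC string from its general properties; a non-empty problem list points at the value to re-check before the connection test is run.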