Determine Devices To Monitor And Restrictions - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual

Check Point Devices

SmartCenter and SmartCenter Pro are security management systems also targeted toward enterprise customers. They can support the Provider-1 system, serving as a backup server at the CMA level. However, their primary function is to provide centralized security and VPN policy and security event management through SmartDashboard, which is the user interface for both systems. From the MARS perspective, SmartCenter extends the view of the network by managing the policies and events associated with the following gateway and desktop nodes:

- VPN-1 perimeter security gateways
- InterSpect internal security gateways
- Connectra Web security gateways
- SecureClient, a personal firewall running on desktops and servers

MARS monitors the primary management servers, such as the MDS in Provider-1 and SiteManager-1 and the SmartCenter Server in SmartCenter and SmartCenter Pro. These management servers are where the actual security and audit policies are centrally managed and stored. If the Check Point deployment requires it, MARS also monitors the components managed by the management stations, such as individual firewalls, VPN gateways, and log servers. Whether you must configure MARS to monitor these remote components depends on whether their security event logs are forwarded to the centralized management server (SmartCenter or CMA). If the logs are not forwarded to the primary management server, you must define where the log repository exists: either local to the enforcement module, or on a separate logging module (CLM) to which the logs are forwarded. In the latter case it is the CLM, not the enforcement module, that MARS must pull from.

In addition to understanding the components, it is important to understand how Check Point components use Secure Internal Communications (SIC) to communicate securely with each other and with third-party OPSEC applications. SIC is the process by which the MARS Appliance authenticates to the SmartCenter Server and other Check Point components. SIC uses a shared secret as the seed for negotiating session keys. This shared secret is referred to as an activation key. Because the activation key is the trust anchor for this bootstrap, treat it as a one-time secret: generate it for the MARS OPSEC application specifically and do not reuse it for other components. The authentication and communication setup works as follows:

1. Using a username and password pair, MARS authenticates to the SmartCenter Server and other Check Point components, such as remote log servers, over TCP port 18210.
2. If authentication succeeds, the peers exchange the activation key and their SIC certificates over TCP port 18190.
3. If each peer validates the authenticity of the other, the Check Point component establishes an encrypted session over TCP port 18184 with the MARS Appliance. It is over this channel that the Check Point components send encrypted log data to MARS.

All three TCP ports must therefore be open from the MARS Appliance to every component that MARS pulls from directly, not only to the SmartCenter Server.

The following topics support the integration of MARS into a Check Point environment:

- Determine Devices to Monitor and Restrictions, page 4-24
- Bootstrap the Check Point Devices, page 4-25
- Add and Configure Check Point Devices in MARS, page 4-39
- Troubleshooting MARS and Check Point, page 4-56

Determine Devices to Monitor and Restrictions

To configure Check Point devices, you must identify the central management server and its managed components, bootstrap them, and add and configure them in the MARS web interface. The Check Point product line and release, as well as the number of devices managed, determine which tasks you must perform to configure MARS to monitor your Check Point devices.

User Guide for Cisco Security MARS Local Controller
Chapter 4 Configuring Firewall Devices
78-17020-01
4-24
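The two decisions the manual leaves to the reader, which Check Point components MARS must pull from directly (management servers always; gateways and log servers only when their logs are not forwarded to a management server) and whether the SIC ports named above are reachable on each of them, can be checked before bootstrapping. The script below is an added example, not code from the Cisco manual or from Check Point. The inventory, host addresses (TEST-NET-1) and forwarding layout are constructed sample data; probing all three ports (18210, 18190, 18184) on every target follows the manual's description of the handshake and is an assumption about your deployment, whose firewall policy may require a different set per component.

```python
"""Pre-check for a MARS-to-Check Point integration (added example).

select_monitoring_targets() applies the rule from the manual: management
servers are always monitored; any other component is monitored only when
its logs stay local or go to a separate log module (CLM), in which case the
log module is the thing to monitor. check_sic_ports() then probes the TCP
ports the manual names for SIC and log export on each selected target.
"""
import socket
from contextlib import closing

# Ports as described in the manual's three-step SIC setup.
SIC_PORTS = {
    18210: "SIC authentication",
    18190: "activation key / certificate exchange",
    18184: "encrypted log channel",
}

# Constructed sample inventory (assumption: not a real deployment).
# forwards_to: name of the server that receives this component's logs,
# or None when the logs are kept on the component itself.
SAMPLE_INVENTORY = [
    {"name": "smartcenter1", "role": "management", "host": "192.0.2.10", "forwards_to": None},
    {"name": "fw-dmz", "role": "gateway", "host": "192.0.2.20", "forwards_to": "smartcenter1"},
    {"name": "fw-branch", "role": "gateway", "host": "192.0.2.21", "forwards_to": "clm-branch"},
    {"name": "clm-branch", "role": "log_server", "host": "192.0.2.30", "forwards_to": None},
]


def select_monitoring_targets(inventory):
    """Return the components MARS must pull logs from, sorted by name."""
    by_name = {c["name"]: c for c in inventory}
    targets = {}
    for comp in inventory:
        if comp["role"] == "management":
            targets[comp["name"]] = comp  # always monitored
            continue
        dest = comp["forwards_to"]
        if dest is None:
            targets[comp["name"]] = comp  # logs stay local: monitor the component
        elif dest not in by_name:
            raise ValueError(f"{comp['name']} forwards logs to unknown component {dest!r}")
        elif by_name[dest]["role"] != "management":
            targets[dest] = by_name[dest]  # forwarded to a CLM: monitor the CLM instead
        # forwarded to a management server: nothing extra to monitor
    return sorted(targets.values(), key=lambda c: c["name"])


def probe_tcp(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within timeout seconds."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def check_sic_ports(targets, probe=probe_tcp, ports=SIC_PORTS):
    """Probe every SIC port on every target; returns {name: {port: reachable}}.

    `probe` is injectable so the decision logic can be exercised offline.
    """
    return {t["name"]: {p: probe(t["host"], p) for p in ports} for t in targets}


def demo_against_local_listener():
    """Offline self-check of probe_tcp: a listening loopback port, then the same port closed."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        port = srv.getsockname()[1]
        while_open = probe_tcp("127.0.0.1", port, timeout=1.0)
    after_close = probe_tcp("127.0.0.1", port, timeout=1.0)
    return while_open, after_close


if __name__ == "__main__":
    targets = select_monitoring_targets(SAMPLE_INVENTORY)
    print("MARS must pull logs from:", [t["name"] for t in targets])
    for name, result in check_sic_ports(targets).items():
        for port, ok in sorted(result.items()):
            state = "reachable" if ok else "NOT reachable"
            print(f"{name}: tcp/{port} ({SIC_PORTS[port]}): {state}")
```

With the sample inventory, fw-dmz drops out because its logs already reach smartcenter1, while fw-branch is replaced by clm-branch, the log module that actually holds its logs. Run against the sample addresses the probes simply time out, since 192.0.2.0/24 is unroutable; substitute your own management server and CLM addresses and run it from the MARS Appliance's network segment so the result reflects the firewall policy in the path.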
