Bootstrap The Check Point Devices - Cisco CS-MARS-20-K9 - Security MARS 20 User Manual


Chapter 4
Configuring Firewall Devices
Representing a Check Point device in MARS involves two steps:
1. Define a primary management station. This primary management station represents the central
   management server that manages remote components, such as firewalls, VPN gateways, and log
   servers.
2. Define one or more child enforcement modules. Child enforcement modules are the remote
   components managed by the primary management station. They represent firewalls, VPN gateways,
   and log servers.
When managing SmartCenter and SmartCenter Pro, the primary management station is the SmartCenter
server. When managing Provider-1/SiteManager-1 releases NG FP3, NG AI (R55), and NGX (R60), the
primary management station is not the MDS, but each CMA defined under the MDS. In other words, you
must define each CMA as a separate primary management station. The child enforcement modules are
those gateways and log servers (CLMs) managed as part of that customer or site as defined by the CMA.
Part of what you must determine is where the security event logs are stored. Two options exist:
- Central Event Correlation. The MLM or SmartCenter server pulls logs from all remote
  components.
- Distributed Event Correlation. In addition to the MLM or SmartCenter Server, one or more
  remote log servers exist where aggregation to the central management server does not occur. These
  servers, the CLMs, must also be represented and configured so that MARS can pull the events from
  them.
If the security events are stored in a distributed fashion, you must plan to define and establish SIC
communication between the MARS Appliance and each Check Point log module. For SmartCenter and
SmartCenter Pro, the server SIC DN is the one assigned to the primary management station. However,
for Provider-1 and SiteManager-1, the server SIC DN varies based on release. For Provider-1 and
SiteManager-1 NG FP3 and NG AI (R55), the server SIC DN is the one associated with the CMA. For
Provider-1 and SiteManager-1 NGX (R60), you can use the SIC assigned to the MDS for all CMAs and
CLMs that you define.
One other restriction exists with the Provider-1 and SiteManager-1 products. For Provider-1 and
SiteManager-1 NG FP3 and NG AI (R55), you must define an OPSEC application representing the
MARS Appliance in each CMA (using the CMA's SmartDashboard user interface). For Provider-1 and
SiteManager-1 NGX (R60), you can define one OPSEC application representing the MARS Appliance
and push that definition to all CMAs and CLMs managed by the MDS.

Bootstrap the Check Point Devices

Bootstrapping the Check Point devices involves preparing those devices to send data to the MARS
Appliance, as well as enabling the MARS Appliance to discover the Check Point configuration settings.
In addition to preparing the Check Point devices, you must gather the information required to represent
the Check Point devices in the MARS web interface.
You bootstrap the central Check Point management server, whether it be a CMA or a SmartCenter server,
by defining the MARS Appliance as a target log host and OPSEC Application object.
1. Using Check Point SmartDashboard or the Check Point Provider-1/SiteManager-1 MDG, add the
   MARS Appliance as a host.
2. Create and install an OPSEC Application object for the defined host, import the authorization key,
   and generate the client SIC DN. This SIC DN is the one used by OPSEC applications, including the
   management server, to validate the MARS Appliance. You specify this client SIC DN in the MARS

78-17020-01
User Guide for Cisco Security MARS Local Controller
Check Point Devices
4-25
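
The release-dependent rules in the chapter text above (which object is the primary management station, whose server SIC DN applies, and where the OPSEC application is defined) applied to a constructed deployment. This is an added planning sketch, not Cisco or Check Point code; `Station`, `plan`, the result keys, and all host names are hypothetical.

```python
from dataclasses import dataclass, field

PER_CMA_RELEASES = {"NG FP3", "NG AI (R55)"}  # server SIC DN and OPSEC app are per CMA
MDS_WIDE_RELEASES = {"NGX (R60)"}             # MDS SIC may be used; one OPSEC app is pushed

@dataclass
class Station:
    """A SmartCenter server or a CMA, with the components it manages."""
    name: str
    gateways: list = field(default_factory=list)
    log_servers: list = field(default_factory=list)  # remote log servers/CLMs holding their own logs

def plan(product, release, stations, mds=None):
    """Work out what to define in MARS and on the Check Point side."""
    provider1 = product in ("Provider-1", "SiteManager-1")
    if provider1 and release not in PER_CMA_RELEASES | MDS_WIDE_RELEASES:
        raise ValueError(f"release {release!r} is not covered by the chapter text")
    mds_wide = provider1 and release in MDS_WIDE_RELEASES
    if mds_wide and not mds:
        raise ValueError("NGX (R60) planning needs the MDS name")
    out = {"primary_stations": [], "child_modules": {}, "sic_endpoints": [],
           "server_sic_dn_from": {}, "opsec_app_defined_on": []}
    for s in stations:
        # Each SmartCenter server or CMA is a primary management station; the MDS never is.
        out["primary_stations"].append(s.name)
        out["child_modules"][s.name] = s.gateways + s.log_servers
        # Distributed log storage: MARS needs SIC with every log module, not only the manager.
        endpoints = [s.name] + s.log_servers
        out["sic_endpoints"] += endpoints
        for e in endpoints:
            out["server_sic_dn_from"][e] = mds if mds_wide else s.name
        if not mds_wide:
            out["opsec_app_defined_on"].append(s.name)
    if mds_wide:
        # One definition, pushed to every CMA and CLM the MDS manages.
        out["opsec_app_defined_on"] = [mds]
    return out

# Constructed inventory: one MDS, two customers, one of which keeps logs on a CLM.
SAMPLE = [Station("cma-a", ["gw-a1", "gw-a2"], ["clm-a"]), Station("cma-b", ["gw-b1"])]

if __name__ == "__main__":
    for rel in ("NG AI (R55)", "NGX (R60)"):
        p = plan("Provider-1", rel, SAMPLE, mds="mds-1")
        print(rel, "| OPSEC app on:", p["opsec_app_defined_on"],
              "| server SIC DN from:", p["server_sic_dn_from"])
```

Comparing the two releases on the same inventory shows the practical difference: under NG AI (R55) every CMA needs its own OPSEC application and supplies its own server SIC DN, while under NGX (R60) both collapse to the MDS.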
