Check Point Devices
•
•
•
•
If discovery of Check Point configuration settings is not enabled for MARS, you must perform the
following manual configuration procedures:
•
•
Before You Begin
To perform this procedure, you need the following information:
•
•
•
•
Add a Check Point Primary Management Station to MARS
The primary management station represents one of the following:
•
•
Check Point 4.1, NG FP1, and NG FP2 devices are not officially supported. They cannot be configured
Note
to retrieve configuration information using CPMI. However, they can be configured to retrieve logs
using LEA. To configure one of these devices to work with the MARS, leave the Access IP field blank
on the host that represents the base platform.
You must define each individual CMA of a Provider-1 or SiteManager installation, regardless of the
release and version.
Step 1
Select Admin > System Setup > Security and Monitor Devices > Add.
Step 2
Do one of the following:
•
•
Specify values for the following fields:
Step 3
User Guide for Cisco Security MARS Local Controller
4-40
Manually Add a Child Enforcement Module or Log Server to a Check Point Primary Management
Station, page 4-44
Edit Discovered Log Servers on a Check Point Primary Management Station, page 4-48
Edit Discovered Firewall on a Check Point Primary Management Station, page 4-50
Verify Connectivity Between MARS and Check Point Devices, page 4-55
Manually Add a Child Enforcement Module or Log Server to a Check Point Primary Management
Station, page 4-44
Specify Log Info Settings for a Child Enforcement Module or Log Server, page 4-52
A MARS account with Administrative privileges.
A Check Point CMA or SmartCenter username and password that has READ access (minimum
requirement).
The client and server SIC DNs.
If you are defining a CMA for Provider-1 or SiteManager-1, you must have the virtual IP address
(VIP) for each CMA and CLM managed by the MDS.
The SmartCenter server in a SmartCenter or SmartCenter Pro installation.
A CMA of a Provider-1 or SiteManager-1 installation.
Select Add SW Security apps on a new host from the Device Type list, and continue with
Select Add SW security apps on existing host from the Device Type list. Select the device to which
you want to add the software application and click Add. Continue with
Chapter 4
Configuring Firewall Devices
Step
7.
78-17020-01
Step 3