Cisco CS-MARS-20-K9 - Security MARS 20 User Manual page 169

Chapter 4 Configuring Firewall Devices
Device Name — Enter the name of the device. This name must exactly match the hostname shown
•
in the Check Point user interface. MARS maps this name to the reporting IP address. This name is
used in topology maps, queries, and as the primary management station in the Security and
Monitoring Device list.
• Access IP — (Optional) This s address is used to pull from a Check Point device using CPMI,
enabling MARS to discover settings from this device. This address represents either a virtual IP
address associated with a CMA or the physical IP address of the SmartCenter server. To learn more
about the access IP address, its role, and dependencies, see
and Interface Settings, page
Reporting IP — Enter the IP address of the interface in the Check Point server from which MARS
•
will pull traffic and audit logs. Check Point audit logs save information regarding user interaction
with Check Point devices, such as log in and out of the Check Point user interface, initialize or
revoke certificate, install or uninstall policy, create, modify, and delete objects, etc. No additional
configuration is needed to turn on audit log on Check Point device.
This address represents either a virtual IP address associated with a CMA or the physical IP address
of the SmartCenter server. To learn more about the reporting IP address, its role, and dependencies,
see
Under Enter interface information, enter the interface name, IP address, and netmask value of each
Step 4
interface in the Check Point server from which configuration information will be discovered and from
which security event logs will be pulled.
This address represents either a virtual IP address associated with a CMA or the physical IP address of
the SmartCenter server. To learn more about the interface settings, its role, and dependencies, see
Understanding Access IP, Reporting IP, and Interface Settings, page
(Optional) To enable MARS to monitor this device for anomalous resource usage, select Yes from the
Step 5
Monitor Resource Usage list.
Result: MARS monitors the device for anomalous consumption of resources, such as memory and CPU.
If anomalies are detected, MARS generates an incident. Resource utilization statistics are also used to
generate reports. For more information, see
Click Apply to save these settings.
Step 6
Click Next to access the Reporting Applications tab.
Step 7
Select the appropriate version of Check Point Opsec from the Select Application list, and click Add.
Step 8
The following options are available:
CheckPoint Opsec NG FP3. Select this option for Check Point NG FP3 devices.
•
• CheckPoint Opsec NG AI. Select this option for Check Point NG AI (R55) and Check Point NGX
(R60) devices.
78-17020-01
2-8.
Understanding Access IP, Reporting IP, and Interface Settings, page
Understanding Access IP, Reporting IP,
2-8.
Configuring Resource Usage Data, page
User Guide for Cisco Security MARS Local Controller
Check Point Devices
2-8.
2-41.
4-41