Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 - CONFIGURING DSMS REV 1 Manual page 28

22 C P F
HECK OINT IRE
Step 2
Step 3
Verifying or
Changing the
OPSEC
Communications
Configuration
Changing the Default
Port on which
OPSEC LEA
Communicates
Step 1
Step 2
W -1
ALL
Select Close.
e
To create the OPSEC connection:
Select Manage > Servers and OPSEC applications > New > OPSEC
a
Application Properties.
Enter the appropriate information in the Name and Comment (optional) text
b
fields.
Note: The name you enter must be different than the name entered in Step 1 c.
From the Host drop-down list box, select the host object you created in
c
From Application Properties drop-down list box, select User Defined as the
d
vendor.
From Client Entries drop-down list box, select LEA.
e
Click Communication to generate a Secure Internal Communication (SIC)
f
certificate.
Enter an activation key.
g
Click OK.
h
Click Close.
i
Select Policy > Install > OK to install the Security Policy on your firewall.
This section describes how to modify your Check Point FireWall-1 configuration to
allow OPSEC communications on non-standard ports, and in a clear text,
un-authenticated stream.
This section includes the following information:
Changing the Default Port on which OPSEC LEA Communicates
•
Configuring OPSEC LEA for Un-Encrypted Communications
•
To change the default port on which OPSEC LEA communicates (that is, port
18184):
At the command-line prompt of your Check Point SmartCenter Server, enter the
following command to stop the firewall services:
cpstop
Depending on your Check Point SmartCenter Server's operating system, open the
following file:
In Linux:
$FWDIR\conf\fwopsec.conf
In Windows:
%FWDIR%\conf\fwopsec.conf
The default contents of this file are as follows:
Configuring DSMs Guide
Step 1.