IsuruTharanga
Visitor III
May 22, 2020
Question

Checkpoint OPSEC LEA Integration

Hi,

We have been trying to integrate Checkpoint Firewall logs from Smart Console via the OPSEC API. We successfully pulled the certificate with the "opsec_pull_cert" CLI tool, but we have an issue when trying to pull the certificate from the FortiSIEM GUI.

FortiSIEM 5.3.0
Checkpoint R80.10

Has anyone come across this issue before?

Regards,
Isuru

    1 reply

    FSM_FTNT
    Staff
    May 28, 2020
    Hi Isuru,

    CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture. 

    Simple things to check:

    Make sure connectivity is available to CP from FSM Super or Collectors.
    Are you using SmartCenter, or is it CLM, MLM, CLA?
    Check what version of CheckPoint is running.


    Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format; this is supported by FortiSIEM, and CheckPoint supports this now.
    IsuruTharanga
    Visitor III
    May 29, 2020
    Hi Daniel,

    Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.

    I will look into syslog as well.

    Regards,
    Isuru
    IsuruTharanga
    Visitor III
    June 2, 2020
    Hi Daniel,

    Regarding the Syslog forwarding... Were you referring to this kind of scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter'?

    Regards,
    Isuru