Checkpoint OPSEC LEA Integration

isuru · ‎05-22-2020

Hi,

We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.

FortiSIEM 5.3.0
Checkpoint R80.10

Did anyone come across with this issue before?

Regards,
Isuru

Cheers,
Isuru Malawige

FSM_FTNT · ‎06-18-2020

try this https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

View solution in original post

FSM_FTNT · ‎05-28-2020

Hi Isru,

CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture.

Simple things to check:

Make sure connectivity is available to CP from FSM Super or Collectors.
Are you using SmartCenter or is it CLM, MLM, CLA.
Check what version of CheckPoint is running.

Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.

isuru · ‎05-28-2020

Hi Daniel,

Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.

I will look into syslog as well.

Regards,
Isuru

Cheers,
Isuru Malawige

isuru · ‎06-01-2020

Hi Daniel,

Regarding the Syslog Forwarding... Were you referring to this kind of a scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter' ??

Regards,
Isuru

Cheers,
Isuru Malawige

FSM_FTNT · ‎06-18-2020

try this https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

isuru · ‎06-18-2020

Hi Dan,

Thanks, I will look into this.

Regards,
Isuru

Cheers,
Isuru Malawige