This article applies to:
Question:
How do I configure Check Point NG to produce log files Firewall Suite can analyze?
Procedure:
To create logs that can be read by Firewall Suite, Check Point NG firewalls require additional configuration beyond that required by the Firewall-1 product from Check Point. The latest version of the Firewall Configuration Guide contains information for Check Point NG. You can obtain this document from the following page:
https://support.trustwave.com/Firewall-Suite/documentation.asp
For your convenience the additional information is repeated below.
Instructions:
Perform the following steps at the end of the "OPSEC LEA (server-side configuration)".
Server-side configuration for Check Point NG
Check Point NG requires the following additional configuration for retrieval of log records via OPSEC LEA.
- Edit the file
fwopsec.conf, found in %NG_INSTALL_DIR%/conf/. Delete the following lines.
- Replace with the following lines, appended to the bottom of the file.
- Stop the firewall by typing
fwstop at a command prompt.
- Restart the firewall and load the changes by typing
fwstop at a command prompt.
- In the Policy Editor at Manage | Network Objects | New | Workstation, define the Firewall Suite machine as a workstation.
- In the Policy Editor at Manage | OPSEC Applications | New | OPSEC Application, define the Firewall Suite as an OPSEC application. In the Hosts drop-down list, select the workstation you defined in the previous step.
Notes:
If you are using Check Point NG with a Feature Pack (FP) installed, additional configuration to the fwopsec.conf file needs to be made.
The following line must be added in addition to the changes above for the OPSEC LEA connection to work properly.
For an authenticated connection:
lea_server auth_type auth_opsec
For an unauthenticated connection:
lea_server auth_type none
- This article was previously published as:
- NETIQKB2395