Topic Thread

Expand all | Collapse all

Checkpoint OPSEC LEA Integration

  • 1.  Checkpoint OPSEC LEA Integration

    Posted 14 days ago
    Hi,

    We have been trying to integrate Checkpoint Firewall logs from Smart Console via OPSEC API. We successfully pulled the certificate from "opsec_pul_cert" CLI tool but we have an issue when trying to pull the certificate from FortiSIEM GUI.

    FortiSIEM 5.3.0
    Checkpoint R80.10

    Did anyone come across with this issue before?

    Regards,
    Isuru


  • 2.  RE: Checkpoint OPSEC LEA Integration

    Posted 8 days ago
    Hi Isru,

    CheckPoint can be interesting to integrate with due to certificates, certificate hashing and CheckPoint architecture. 

    Simple things to check:

    Make sure connectivity is available to CP from FSM Super or Collectors.
    Are you using SmartCenter or is it CLM, MLM, CLA.
    Check what version of CheckPoint is running.


    Probably a more straightforward way to integrate is to forward events from CP in Syslog CEF format, this is supported by FortiSIEM and CheckPoint supports this now.


  • 3.  RE: Checkpoint OPSEC LEA Integration

    Posted 7 days ago
    Hi Daniel,

    Thanks for the update. There's no connectivity issue. We are using "Checkpoint SmartConsole" for "R80.10" Firewalls.

    I will look into syslog as well.

    Regards,
    Isuru


  • 4.  RE: Checkpoint OPSEC LEA Integration

    Posted 3 days ago
    Hi Daniel,

    Regarding the Syslog Forwarding... Were you referring to this kind of a scenario (https://qostechnology.in/blog/syslog-integration-with-checkpoint/) or the 'Checkpoint log exporter' ??

    Regards,
    Isuru