Technical data
Page 28
Chapter 4
Configuring SmartEvent
This section explains how to get up and running with SmartEvent.
In This Chapter
Preparing SmartEvent on Security Management Server 28
Preparing SmartEvent on the Multi-Domain Server 28
Enabling Connectivity with Multi-Domain Security Management 29
Configuring the SmartEvent Clients 29
Preparing SmartEvent on Security
Management Server
To configure SmartEvent, first establish connectivity between the components.
1. Launch SmartDashboard.
2. In SmartDashboard, create a new host for each computer that contains a component of SmartEvent:
a) Select Manage > Network Object > New > Check Point > Host
b) In the General Properties window, click Communication and enter the activation key.
Note - If the Security Management Server and SmartEvent are installed on different sides of the firewall,
add a rule that allows SIC traffic between them.
c) The version is not entered automatically if the SmartEvent version is newer than the version of the
Security Management Server. If so, select the most recent version available from the Version drop-
down list.
d) In the Management Software Blades list, select the blades that are installed on the new host.
3. Install the database on all log servers from which SmartEvent reads data: select Policy > Install
Database and select the log servers as the targets.
4. To allow the SmartEvent Intro server to block attacks from specific IP addresses, configure the Security
Management Server to accept SAM commands from the SmartEvent Intro server:
a) On the Security Management Server, edit the $CPDIR/conf/sic_policy.conf file:
Search for the section [Inbound rules], and add the following line under # sam proxy:
DN_Mgmt ; Reporting_Tool; ANY; sam ; sslca
b) From the command line in the Security Management Server computer, run the following commands:
cpstop
cpstart
Preparing SmartEvent on the Multi-Domain
Server
The first stage configuring SmartEvent is to establish connectivity between the components.
1. Launch Global SmartDashboard.