User guide
ManageEngine Firewall Analyzer :: User Guide 
Zoho Corp. 
lea_server port 0 
lea_server auth_port 18184 
2.  Restart the firewall service 
[4.1] fwstop ; fwstart 
[NG] cpstop ; cpstart 
3.  Add a rule to the policy to allow the port defined above (18184, assuming the 
default LEA connection port) from the Firewall Analyzer machine to the Check 
Point Management Server and vice versa.  
4.  Install the policy 
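The check below is an added example, not part of the ManageEngine guide or of Check Point's tooling. It reads a copy of the OPSEC configuration file (fwopsec.conf), confirms that the two lea_server lines shown above are in effect, and returns the port that the rule in step 3 must allow. The function name, the sample file contents, and the treatment of '#' as a comment marker are assumptions.

```python
# Added example: check a copy of fwopsec.conf for the authenticated LEA setup.
# The SAMPLE_* file contents below are constructed for illustration.
SAMPLE_AUTHENTICATED = "# lea_server port 18184\nlea_server port 0\nlea_server auth_port 18184\n"
SAMPLE_CLEAR = "lea_server auth_port 0\nlea_server port 18184\n"
SAMPLE_COMMENTED = "# lea_server auth_port 18184\n# lea_server port 0\n"


def check_lea_config(text):
    """Return (mode, rule_port, findings) for the lea_server lines in text."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Assumption: '#' starts a comment, so commented-out lines do not count.
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 3 or fields[0] != "lea_server":
            continue
        key, value = fields[1], fields[2]
        if key not in ("port", "auth_port"):
            continue
        if not value.isdecimal() or int(value) > 65535:
            findings.append(f"line {lineno}: invalid {key} value {value!r}")
        elif key in settings and settings[key] != int(value):
            findings.append(f"line {lineno}: conflicting {key} values")
        else:
            settings[key] = int(value)

    missing = [k for k in ("port", "auth_port") if k not in settings]
    if missing:
        findings.append("not set explicitly: " + ", ".join(missing))
        return "incomplete", None, findings
    clear, auth = settings["port"], settings["auth_port"]
    if clear == 0 and auth > 0:
        return "authenticated", auth, findings      # the setup this guide uses
    if clear > 0:
        findings.append(f"clear-text LEA listener enabled on port {clear}")
        return ("mixed" if auth > 0 else "clear"), None, findings
    findings.append("both ports are 0: no LEA port configured")
    return "disabled", None, findings


if __name__ == "__main__":
    for name, sample in [("authenticated", SAMPLE_AUTHENTICATED),
                         ("clear", SAMPLE_CLEAR),
                         ("commented", SAMPLE_COMMENTED)]:
        mode, port, findings = check_lea_config(sample)
        print(f"{name}: mode={mode} rule_port={port} findings={findings}")
```

Only the "authenticated" result matches the configuration described here; any other mode means the lea_server lines should be corrected before the firewall service is restarted.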
The following steps will help you configure an sslca authenticated connection to the 
Check Point firewall. Carry out the configuration in the Check Point firewall Management 
Station: 
1.  Create a new OPSEC Application Object with the following details:  
a.  Name (e.g., myleaclient) 
b.  Vendor: user defined 
c.  Server Entities: none 
d.  Client Entities: LEA 
2.  Initialize Secure Internal Communication (SIC) for this OPSEC Application Object 
and enter the activation key (e.g. def456). Note down this activation key, as you 
will need it later. 
3.  Write down the DN of this OPSEC Application Object. This is the Client 
Distinguished Name, which you need later on. 
4.  Open the object of the Check Point Management Server and write down the DN of 
that object. This is the Server Distinguished Name. 
5.  Add a rule to the policy to allow the port defined above, as well as port 18210/tcp 
(FW1_ica_pull), in order to allow pulling of the PKCS#12 certificate from the Firewall 
Analyzer to the Check Point Management Server. Port 18210/tcp can be shut 
down after the communication between Firewall Analyzer and the Check Point 
Management Server has been established successfully. 
6.  Install the policy. 
Configuring the attributes of Check Point Firewall Server in Firewall Analyzer 
OPSEC Application 
    Object Name: Ex. myleaclient 
    Activation Key: Ex. def456 
    SIC Name: Ex. CN=myleaclient,O=cherry-win1..9mob46 
LEA Server 
    Authentication Type: Ex. sslca 
    SIC Name: Ex. cn=cp_mgmt,o=cherry-win1..9mob46 
The attributes to be configured are described in the table below: 
Attributes | Description 
OPSEC Application - Object Name | This is the application's name that is defined when creating the application object in the Policy Editor, under the OPSEC Application Properties Name field. 
OPSEC Application - Activation Key | This is the one-time password (Activation Key) that was defined when clicking 'Communications' in the OPSEC Application Properties window. 










