Establishing Secure Communication Between Check Point and JSA

SUMMARY Configure Configuration Source Management in JSA to connect to the Check Point SMS. Add the OPSEC Application details from the SmartDashboard, and request a security certificate from Check Point.

Configure the OPSEC application details in Configuration Source Management and set up the certificate exchange. After the configuration is complete, use Configuration Source Management to discover the new entry.

  1. Log in to JSA as an administrator.
  2. On the navigation menu, click Admin.
  3. Click Apps or scroll down to find the Configuration Source Management icon.
  4. Click the Configuration Source Management icon.
  5. On the navigation menu, click Credentials.
  6. From the Network Groups pane, click the (+) symbol.
  7. Type a name for the network group.
  8. In the Add address (IP, CIDR, Wildcard, or Range) field, type the IP address of your SMS.
  9. Click (+) to add the IP address.
  10. Type your SMS SmartDashboard username and password.

    To configure the OPSEC fields, use the information from the OPSEC Application Properties window of the SmartDashboard, where you selected the CPMI checkbox for the client entity.

  11. From the DN field, copy and paste this information into the OPSEC Entity SIC Name field.
  12. Edit the entry that you pasted into the OPSEC Entity SIC Name field by replacing the CN= property value with cp_mgmt_<hostname>, where <hostname> is the host name that is used in the OPSEC application Host field.

    The following examples show an OPSEC Application DN and an OPSEC Application Host, which are used to create the Entity SIC Name:

    • OPSEC Application DN: CN=cpsmsxxx,O=svxxx-CPSMS..bsaobx

    • OPSEC Application Host: Srvxxx-SMS

    Tip:

    Use text from the OPSEC Application DN and the OPSEC Application Host to form the Entity SIC Name:

    The Entity SIC Name is CN=cp_mgmt_Srvxxx-SMS,O=svxxx-CPSMS..bsaobx

    The Entity SIC Name in this configuration is based on a Gateway to Management Server setup. If your SMS IP address is not used as a gateway, use the Management Server configuration from the table:

    Table 1: Entity SIC Name Formats

    Type                          Name
    Management Server             CN=cp_mgmt,O=<take_O_value_from_DN_field>
    Gateway to Management Server  CN=cp_mgmt_<gateway_hostname>,O=<take_O_value_from_DN_field>

  13. From the DN field, copy the entry, and paste this information into the OPSEC Application Object SIC Name field.
  14. Click Get Certificate.
  15. Enter the SMS IP address in the Certificate Authority IP field.
  16. Enter the one-time password in the Pull Certificate Password field.
    The one-time password is from the Communication window in the OPSEC Application Properties of the SmartDashboard, where you selected the CPMI checkbox for the client entity.
  17. Click OK.

    If successful, the OPSEC SSL Certificate field is populated and disabled.

    Verify that the Trust State property, in the Communication window of the OPSEC Application Properties, changes to Trust established.

    The credentials are set up, and now you can run a discovery.

  18. On the navigation menu, click Discover From Check Point SMS.
  19. In the CPSMS IP Address field, type the IP address of the SMS.
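
The Entity SIC Name derivation from steps 11 to 13 and Table 1, as an added Python example that is not part of the JSA or Check Point documentation. The function names are hypothetical, and two things are assumptions taken from the page's example values: the DN contains only CN= and O=, and host names use letters, digits, dots, hyphens, and underscores.

```python
import re

def parse_dn(dn):
    """Split 'CN=app,O=org' into [(type, value), ...]; backslash-escaped commas stay in the value."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn.strip()):
        key, sep, value = rdn.partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {rdn!r}")
        pairs.append((key.strip().upper(), value.strip()))
    return pairs

def entity_sic_name(app_dn, gateway_hostname=None):
    """Build the Entity SIC Name from the OPSEC Application DN (Table 1).

    gateway_hostname=None  -> Management Server format: CN=cp_mgmt
    gateway_hostname="..." -> Gateway to Management Server format: CN=cp_mgmt_<hostname>
    """
    pairs = parse_dn(app_dn)
    # Assumption: the DN carries exactly one CN and one O, as in the page's example.
    if sorted(k for k, _ in pairs) != ["CN", "O"]:
        raise ValueError("expected exactly one CN= and one O= in the DN")
    if gateway_hostname is None:
        cn = "cp_mgmt"
    else:
        # Assumed host-name character set; rejects stray commas, '=' and spaces
        # that would silently produce a SIC name the SMS does not recognize.
        if not re.fullmatch(r"[A-Za-z0-9._-]+", gateway_hostname):
            raise ValueError(f"unexpected characters in host name: {gateway_hostname!r}")
        cn = f"cp_mgmt_{gateway_hostname}"
    return f"CN={cn},O={dict(pairs)['O']}"

def credential_fields(app_dn, gateway_hostname=None):
    """Values for the two SIC fields on the Credentials page (steps 11 to 13)."""
    return {
        "OPSEC Entity SIC Name": entity_sic_name(app_dn, gateway_hostname),
        # Step 13: the application object SIC name is the DN, pasted unchanged.
        "OPSEC Application Object SIC Name": app_dn.strip(),
    }

if __name__ == "__main__":
    dn = "CN=cpsmsxxx,O=svxxx-CPSMS..bsaobx"  # example DN from the page
    for field, value in credential_fields(dn, "Srvxxx-SMS").items():
        print(f"{field}: {value}")
```

Comparing the generated string with what was typed into the OPSEC Entity SIC Name field is a quick check before clicking Get Certificate.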