Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring OPSEC Applications in the SmartDashboard

SUMMARY Create and configure two OPSEC applications in your Check Point SmartDashboard, which facilitates the transfer of log files between Check Point and JSA.

Create two OPSEC (Open Platform for Security) applications. One needs a client entity property of CPMI (Check Point Management Interface) for JSA Risk Manager. The other needs a client entity property of LEA (Log Export API) for the JSA Risk Manager log source.

  1. From the Manage menu on the toolbar, click Servers and OPSEC Applications.
  2. Click New > OPSEC Application.
  3. In the Name field, type a name for the application.
  4. From the Host list, select a host, or click New to add a host.
  5. Under Client Entities, select the CPMI checkbox .

    This option is required for JSA Risk Manager Configuration Source Management (CSM).

  6. Click Communication.
  7. In the One-time password field, type a password and then confirm it.

    The password is used several times during setup, and you need to reuse it so that JSA can use a security certificate from Check Point.

  8. Click Initalize.

    The Trust state changes to Initialized but trust not established.

  9. Click Close.
  10. To populate the DN field in the Secure Internal Communication section, click OK.
  11. To view the populated DN field, select your OPSEC Application, and click Edit

    The DN field is now populated. This information is used for the Application Object SIC Attribute (SIC Name) and the SIC Attribute (SIC Name) when you set up the log source and Configuration Source Management in JSA.

  12. Create the second OPSEC application to use with the log source.

    Follow steps 1-11 for creating the first OPSEC Application, with two exceptions:

    • For the Name field in step 3, use a different name from the first OPSEC application.
    • For Client Entities in step 5, select the LEA checkbox.

    Make sure that the Trust state displays Initialized but trust not established.

    Tip: Use the same one-time password for this OPSEC application to avoid any confusion with passwords.
  13. In SmartDashboard, close all windows until you get back to the main SmartDashboard window.
  14. From the Policy menu on the toolbar, click Install.
  15. Click Install on all selected gateways if it fails do not install on gateways of the same version.
Configuring the Check Point Log Source