The system checks the NAT, IPsec VPN and ACL policy information of firewalls during path calculation to show accurate traffic path status, but for CheckPoint firewalls this information cannot be retrieved directly via CLI commands. To solve this problem, the system provides CheckPoint OPSEC Manager, which retrieves the data from your existing CheckPoint OPSEC management system, saves it, and uses it during path calculation.

Getting Required Data of CheckPoint Firewalls

1. Log in to the Domain Management page.

2. In the Domain Management page, select Operations > Domain Maintenance > CheckPoint OPSEC Manager from the quick access toolbar.

3. In the CheckPoint OPSEC Manager, click Add.

1) Enter the information to access the CheckPoint firewall management system, for example, CheckPoint SmartDashboard.

SIC Name — the OPSEC client DN, which is the secure key to communicate with the management system.

Tip: To get a DN, refer to Obtaining DN in CheckPoint Firewall Management System.

Username — the username to log in to the SmartDashboard.

Password — the password to log in to the SmartDashboard.

IP Address — the IP address of the SmartDashboard.

Port — the communication port of the SmartDashboard. By default, the port number is 18190.

Front Server/Front Server Group — the Front Server or Front Server group that will be used to access the SmartDashboard and collect data from it.

Tip: The Front Servers and Front Server Groups in the drop-down list are synchronized with those configured in the Network Settings.

2) Click Test to check whether the data of the CheckPoint firewall in the management system can be retrieved.

4. Schedule a Benchmark task and select the NAT Table and IPsec VPN Table options to retrieve the NAT, IPsec VPN and ACL information for path calculation.

Note: To retrieve the ACL policies on CheckPoint firewalls, select at least one of the above two options.

 

Obtaining DN in CheckPoint Firewall Management System

The procedure to obtain a DN in the CheckPoint firewall management system differs depending on the domain environment:

To obtain DN for a single domain, do the following:

To obtain DN for a multi-domain environment, do the following:

See also:

Front Server Group