<< Click here to display Table of Contents >>

CheckPoint OPSEC Manager

Contents

The system checks the NAT, IPSec VPN, and ACL policy information about firewalls during path calculation to demonstrate accurate traffic path status, but this information cannot be retrieved directly via CLI commands for CheckPoint firewalls. To solve this problem, the system provides CheckPoint OPSEC Manager to retrieve the data from your existing CheckPoint OPSEC management system, save the data and further use it during path calculation.

Note: This method does not apply to Checkpoint Firewall R80. To discover and retrieve data of Checkpoint Firewall R80, see Discovering Checkpoint Firewall R80 for details.

Getting Required Data of CheckPoint Firewalls

1.Log in to the Domain Management page.

2.In the Domain Management page, select Operations > Benchmark Tools > CheckPoint OPSEC Manager from the quick access toolbar.

3.In the CheckPoint OPSEC Manager, click Add.

1)Enter the information to access the CheckPoint firewall management system. For example, CheckPoint SmartDashboard.

▪SIC Name — the OPSEC client DN which is the secure key to communicate with the management system.

Tip: For how to get the DN, refer to Obtaining DN in Checkpoint Firewall Management System.

▪Username — the username to log in to the SmartDashboard.

▪Password — the password to log in to the SmartDashboard.

▪IP Address — the IP address of the SmartDashboard.

▪Port — the communication port of the SmartDashboard. By default, the port number is 18190.

▪Front Server/Front Server Group — the Front Server or Front Server group that will be used to access the SmartDashboard and collect data from it.

Tip: The Front Servers and Front Server Groups in the drop-down list are synchronized with those configured in the Network Settings.

2)Click Test to check whether the data of the CheckPoint firewall in the management system can be retrieved.

4.Go to schedule a Benchmark task, select the NAT Table and IPsec VPN Table options to retrieve the NAT, IPsec VPN and ACL information for path calculation.

Note: To retrieve the ACL policies on CheckPoint firewalls, select at least one of the above two options.

Obtaining DN in CheckPoint Firewall Management System

The procedures to obtain DN in Checkpoint firewall management system vary depending on domain environments:

▪To obtain DN for a single domain, do the following:

▪To obtain DN for a multi-domain environment, do the following: