There are two ways to integrate Juniper STRM with Check Point firewalls: syslog forwarding from the management station, and OPSEC/LEA.
1. Using Syslog
On the Check Point management station, follow these steps to forward the firewall logs and audit logs to an external syslog server:
a) Edit /etc/syslog.conf on the management station (for example with vi) and add the following line at the end of the file:
local5.info @hostname
for example:
local5.info @10.9.20.23
where 10.9.20.23 is the IP of the syslog server (the Juniper STRM).
b) If your management server runs SecurePlatform, restart syslogd with 'service syslog restart'.
c) Forward the audit log to the external syslog server by adding the following command to /etc/rc.d/init.d/cpboot, so that it is started again after every reboot:
fw log -ftnl $FWDIR/fw.adtlog | awk 'NF' | logger -p local5.info -t Firewall_Audit &
Here fw log follows $FWDIR/fw.adtlog (-f follows the file, -n skips DNS resolution), awk 'NF' drops empty lines, and logger stamps every line with facility local5 and severity info under the tag Firewall_Audit, which is exactly what the syslog.conf rule from step a) matches.
d) Reboot the Check Point management server, then configure a new log source in STRM and Deploy Changes in STRM as well.
e) Verify on the management station with tcpdump that syslog packets are leaving for the STRM:
[Expert@CP-Management]# tcpdump host 10.9.20.23
tcpdump: listening on Mgmt
12:54:18.534293 CP-Management.syslog > 10.9.20.23.syslog: udp 253 (DF)
12:54:18.538859 CP-Management.syslog > 10.9.20.23.syslog: udp 16 (DF)
12:54:18.539622 CP-Management.syslog > 10.9.20.23.syslog: udp 225 (DF)
12:54:18.540382 CP-Management.syslog > 10.9.20.23.syslog: udp 16 (DF)
12:54:18.541115 CP-Management.syslog > 10.9.20.23.syslog: udp 252 (DF)
12:54:18.541904 CP-Management.syslog > 10.9.20.23.syslog: udp 16 (DF)
12:54:20.536629 CP-Management.syslog > 10.9.20.23.syslog: udp 280 (DF)
12:54:20.538424 CP-Management.syslog > 10.9.20.23.syslog: udp 16 (DF)
12:54:20.539194 CP-Management.syslog > 10.9.20.23.syslog: udp 228 (DF)
12:54:20.540009 CP-Management.syslog > 10.9.20.23.syslog: udp 16 (DF)
12:54:22.539075 CP-Management.syslog > 10.9.20.23.syslog: udp 225 (DF)
12:54:22.543184 CP-Management.syslog > 10.9.20.23.syslog: udp 16 (DF)
12:54:28.540703 CP-Management.syslog > 10.9.20.23.syslog: udp 249 (DF)
12:54:28.543712 CP-Management.syslog > 10.9.20.23.syslog: udp 16 (DF)
12:54:28.544410 CP-Management.syslog > 10.9.20.23.syslog: udp 225 (DF)
12:54:28.545036 CP-Management.syslog > 10.9.20.23.syslog: udp 16 (DF)
On the STRM server 10.9.20.23 you should then see the forwarded events under the new log source. Note that, as the capture shows, this is plain syslog over UDP: nothing is encrypted or acknowledged, so keep the path between the management station and the STRM on a trusted management network.
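As an added example (not from the original post and not Check Point's own tooling), the following script wraps steps a), c) and e) in shell functions that take the file paths and collector address as arguments, so they can be exercised on scratch copies before touching the real /etc/syslog.conf and /etc/rc.d/init.d/cpboot on the management station. The collector address 10.9.20.23 is the STRM from the post; the function names and the default of 10 captured packets are this example's own. The point the functions add over the bare steps is idempotence: re-running the procedure must not add a second forwarding rule (which would make syslogd send every message twice) or a second fw log pipeline.

```bash
#!/bin/bash
# Added example: idempotent versions of steps a) and c), plus the tcpdump
# check from step e). Nothing here is run at load time; call the functions
# with the paths you want to modify.
# Assumption: the syslog collector is the Juniper STRM at 10.9.20.23.

COLLECTOR="${COLLECTOR:-10.9.20.23}"

# Escape the dots of a dotted-quad address for use inside a grep -E pattern.
escape_addr() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Step a): append "local5.info @<collector>" to a syslog.conf unless an
# identical rule is already present.
add_syslog_forward() {
    local conf="$1" collector="$2"
    local esc
    esc=$(escape_addr "$collector")
    if grep -qE "^local5\.info[[:space:]]+@${esc}\$" "$conf" 2>/dev/null; then
        return 0            # already configured, nothing to do
    fi
    printf '%s\n' "local5.info @${collector}" >> "$conf"
}

# Number of forwarding rules for the collector in a syslog.conf; after
# setup this must be exactly 1.
count_forward_rules() {
    local conf="$1" collector="$2"
    local esc
    esc=$(escape_addr "$collector")
    grep -cE "^local5\.info[[:space:]]+@${esc}\$" "$conf" 2>/dev/null || true
}

# Step c): append the audit-log forwarder to cpboot unless it is already
# there. The pipeline is the one from the post: fw log follows fw.adtlog,
# awk 'NF' drops empty lines, logger stamps each line local5.info with the
# tag Firewall_Audit and hands it to the local syslogd.
add_audit_forwarder() {
    local script="$1"
    local cmd='fw log -ftnl $FWDIR/fw.adtlog | awk '"'"'NF'"'"' | logger -p local5.info -t Firewall_Audit &'
    if grep -qF 'logger -p local5.info -t Firewall_Audit' "$script" 2>/dev/null; then
        return 0            # forwarder already installed
    fi
    printf '%s\n' "$cmd" >> "$script"
}

# Step e): capture a bounded number of syslog datagrams to the collector
# (default 10) instead of running tcpdump until interrupted. Requires root.
capture_to_collector() {
    local collector="$1" count="${2:-10}"
    tcpdump -n -c "$count" host "$collector" and udp port 514
}
```

Typical use on the management station is `add_syslog_forward /etc/syslog.conf "$COLLECTOR"`, `service syslog restart`, `add_audit_forwarder /etc/rc.d/init.d/cpboot`, a reboot, and then `capture_to_collector "$COLLECTOR"` to confirm datagrams are leaving, matching the alternating packet sizes seen in the capture above.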
2. Using OPSEC / LEA
a. Create an OPSEC Application Object from the Servers and OPSEC tab.
Note: if the status shows "Communication Initialized but trust not established", it is still fine to push the firewall policy. Trust is established by itself once the STRM side of the configuration is done.
b. Write down the two SIC DNs needed for the STRM configuration:
One is the DN of the newly created OPSEC application STRM_10.9.200.23:
CN=STRM_10.9.200.23,O=CP-Management..wtx8w4
The other is the DN of the management server CP_Management, shown below:
cn=cp_mgmt,o=CP-Management..wtx8w4
c. In STRM, open Log Sources.
d. Add a new Check Point FireWall-1 OPSEC/LEA log source, using the two DNs from step b.
e. Verify the SIC connection from the Check Point management server's OPSEC application STRM_10.9.200.23.