Follow these steps:
- Connect with SmartDashboard to the Security Management Server / Domain Management Server.
- Create a new Security Gateway object for the appliance:
  - In Network Objects, right-click on Check Point - go to Check Point - click on Security Gateway/Management...
    Example: (screenshot not reproduced)
  - Select Wizard Mode.
  - On the General Properties page:
    - Enter the Gateway Name exactly as it is on the Gateway.
    - In Gateway platform, select "Other".
    - Enter the Gateway IP address.
    - Click on Next.
    Example: (screenshot not reproduced)
  - On the Trusted Communication page, select "Skip and initiate trusted communication later" - click on "Next".
  - Click on "Finish".
- Click on "Save" to save the changes (or go to File menu - click on Save).
  Example: (screenshot not reproduced)
  The new Gateway object should appear in Network Objects.
- Open the appliance's object - click on Communication...:
  - Select platform "Small Office Appliance".
  - Select "Initiate trusted communication securely by using a one-time password".
  - Select "Initiate trusted communication automatically when the Gateway connects to the Security Management server for the first time".
  - Click on "OK".
  Example: (screenshot not reproduced)
  - Save the changes (go to File menu - click on Save).
- Get the Management Server's SIC name:
  - Connect to the command line on the Security Management Server / Multi-Domain Security Management Server.
  - Log in to Expert mode.
  - On the Multi-Domain Security Management Server, switch to the context of the involved Domain Management Server:
    [Expert@HostName:0]# mdsenv <Name of Domain Management Server>
  - Get the SIC name:
    [Expert@HostName:0]# $CPDIR/bin/cpprod_util CPPROD_GetValue SIC MySICname 0
    Copy the entire string.
    Example output:
    cn=cp_mgmt,o=My_MGMT-1..gugcq3
- Configure the External Security Log Server in the appliance's WebUI:
  - Connect to the appliance's WebUI and log in.
  - Go to the Logs & Monitoring tab - in the left pane, click on Log Servers.
  - In the "External Security Log Server - not configured" line, click on Configure...
  - Configure the External Security Log Server:
    - Enter the IP address of the Security Management Server / Domain Management Server.
    - Enter the Management Server's SIC name.
    - Enter the SIC password.
    - Click on Apply.
    Example: (screenshot not reproduced)
- A message should appear in SmartDashboard that SIC was established with the appliance.
  Example: (screenshot not reproduced)
- Install the database (go to File menu - click on Install database).
- Connect with SmartView Tracker to the Security Management Server / Domain Management Server and verify that logs are received from the appliance.
  Example: (screenshot not reproduced)
Troubleshooting:
If the connection between the Gateway and the Management Server does not succeed, you may get the following error on the Gateway:
Unable to connect to Log Server. Exit Code 1
What to check:
- Run the CPCA debug on the Management Server:
  [Expert@HostName:0]# fw debug cpca on TDERROR_ALL_ALL=5
- Follow the debug output:
  [Expert@HostName:0]# tail -f $FWDIR/log/cpca.elg
- Search the output for "...common name is missing in dn" - this message indicates that the Gateway name / certificate does not match or is invalid.
- To fix it, reinitialize the Gateway's Internal CA and create a Gateway object with the same name as the physical Gateway.
- Verify that the Gateway object name is now identical to the name that is configured on the physical Gateway.
- Reinitialize the SIC between the locally managed Gateway and the Management Server.
- On the Management Server, check the CPCA debug again and look for "... cert status is now valid".
- Turn off the debug:
  [Expert@HostName:0]# fw debug cpca off TDERROR_ALL_ALL=0
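The two command-line steps above (copying the SIC name and reading cpca.elg) lend themselves to a small check. The POSIX sh helpers below are an added example and not part of this article; they assume every Management Server SIC name has the shape of the example output shown above (cn=cp_mgmt,o=<host>..<suffix>), and the log excerpt they run on is constructed.

```shell
#!/bin/sh
# Added example, not part of the Check Point article: helpers for the
# "Get the SIC name" step and the cpca.elg troubleshooting step.

# Check that a string copied from cpprod_util has the shape of the article's
# example output, "cn=cp_mgmt,o=My_MGMT-1..gugcq3" (assumption: every SIC
# name of a Management Server looks like cn=cp_mgmt,o=<host>..<suffix>).
# Catches the usual paste mistakes: truncated string, trailing whitespace.
sic_name_valid() {
    printf '%s\n' "$1" | grep -Eq '^cn=cp_mgmt,o=[^,[:space:]]+\.\.[[:alnum:]]+$'
}

# Read cpca.elg lines on stdin and print one word:
#   mismatch - "common name is missing in dn" seen and not followed by
#              "cert status is now valid" (Gateway object name / cert mismatch)
#   resolved - the mismatch line was later followed by "cert status is now valid"
#   ok       - neither string seen
# Real use on the Management Server: diagnose_cpca_log < $FWDIR/log/cpca.elg
diagnose_cpca_log() {
    state=ok
    while IFS= read -r line; do
        case "$line" in
            *"common name is missing in dn"*)
                state=mismatch ;;
            *"cert status is now valid"*)
                if [ "$state" = mismatch ]; then state=resolved; fi ;;
        esac
    done
    printf '%s\n' "$state"
}

# Constructed sample excerpt (simplified; not real cpca.elg output) showing a
# name mismatch that was fixed by recreating the object and re-initializing SIC.
SAMPLE_CPCA_LOG='[cpca] received certificate request from gateway
[cpca] ... common name is missing in dn
[cpca] ... cert status is now valid'

sic_name_valid 'cn=cp_mgmt,o=My_MGMT-1..gugcq3' && echo "SIC name format OK"
printf '%s\n' "$SAMPLE_CPCA_LOG" | diagnose_cpca_log   # prints "resolved"
```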
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
This solution is about products that are no longer supported and it will not be updated.