Preparing the Check Point Firewall Server

Note:

The following procedure assumes you are using Check Point Firewall R77.20 with Gaia OS and SmartDashboard R77.20.

Important:

You must prepare the Check Point firewall server before preparing the authentication certificate configuration files.

  1. Configure the Check Point Suspicious Activity Monitoring (SAM) server ports for Check Point Open Platform for Security (OPSEC) communication.
    1. Log on to the Check Point firewall server in expert mode.
    2. Use the following command to locate and open the fwopsec.conf file in the VI editor: vi /var/opt/CPsuite-R77/fw1/conf/fwopsec.conf
    3. Locate sam_server auth_port and change the port number to "18181".

      sam_server auth_port 18181

    4. Locate sam_server port and change the port number to "18180".

      sam_server port 18180

    5. Press ESC to return the VI editor to command mode.
    6. Use the following command to save changes: :wq
    7. Use the following command to shut down and reboot the server: shutdown -r -h 0
  2. Log on to the Check Point SmartDashboard console.
  3. Allow the FW1_sam and FW1_ica_pull services through the Check Point firewall.
    1. On the Firewall tab, click Policy.
    2. Click Add Rule at the Top.
    3. In the Service column of the newly created rule, click the (+) icon and select FW1_sam from the drop-down list.
    4. Right-click the Action column of the newly created rule and set the property to Accept.
    5. Click Add Rule at the Top.
    6. In the Service column of the newly created rule, click the (+) icon and select FW1_ica_pull from the drop-down list.
    7. Right-click the Action column of the newly created rule and set the property to Accept.
    8. Click Install Policy.
  4. Create an OPSEC application and a one-time password.
    1. Go to Manage > Servers and OPSEC Applications.
    2. Click New and select OPSEC Application from the drop-down menu.
    3. Specify the following:
      • Name: Type a name for the OPSEC application

      • Host: Select the Check Point firewall server from the drop-down list

    4. In the Client Entities section, select SAM.
    5. Click Communication.
    6. Create and confirm a one-time password.
    7. Click Initialize.

      A confirmation dialog appears.

    8. Click Close.
    9. Click OK.
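
The following script is an added example, not part of the original procedure or of Check Point's tooling. It checks that the fwopsec.conf edits from step 1 are active before you move on to the certificate configuration. The function names are hypothetical, and the script assumes that a line starting with "#" is a comment. Because the page does not say how duplicate directives are resolved, it requires exactly one active line per directive.

```shell
#!/bin/sh
# Added example (not Check Point code): confirm the SAM port edits took effect.
# Port values are the ones set in step 1 of the procedure.
EXPECTED_AUTH_PORT=18181
EXPECTED_PORT=18180

# sam_values FILE KEY: print the value of every active "sam_server KEY VALUE"
# line. Assumption: a line whose first non-blank character is '#' is a comment.
sam_values() {
    awk -v key="$2" '
        /^[[:space:]]*#/ { next }
        $1 == "sam_server" && $2 == key { print $3 }   # exact match: "port" never matches "auth_port"
    ' "$1"
}

# check_sam_ports FILE: return 0 only if each directive appears exactly once,
# uncommented, with the expected port; 1 on a mismatch; 2 if FILE is unreadable.
check_sam_ports() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for pair in "auth_port:$EXPECTED_AUTH_PORT" "port:$EXPECTED_PORT"; do
        key=${pair%%:*}
        want=${pair##*:}
        got=$(sam_values "$conf" "$key")
        if [ "$got" != "$want" ]; then
            echo "sam_server $key: active value(s) '$(echo $got)', want one line with $want" >&2
            rc=1
        fi
    done
    return $rc
}

if [ "$#" -gt 0 ]; then
    check_sam_ports "$1"        # e.g. the fwopsec.conf path from step 1
else
    # No argument: run on a constructed sample, not a real fwopsec.conf.
    sample=$(mktemp)
    printf '%s\n' '# sam_server auth_port 0' 'sam_server auth_port 18181' \
        'sam_server   port 18180' > "$sample"
    check_sam_ports "$sample" && echo "constructed sample: OK"
    rm -f "$sample"
fi
```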