Configuring Check Point Open Platform for Security (OPSEC)

  1. On the Deep Discovery Email Inspector management console, go to Administration > Integrated Products/Services > Auxiliary Products/Services.
  2. Select Check Point Open Platform for Security (OPSEC).
  3. Under Object Distribution, select Enable.
  4. Under Server Settings, select a connection type.
    Note:

    Ensure that your network configuration allows Deep Discovery Email Inspector to connect to the Check Point appliance.

    Deep Discovery Email Inspector may connect to the Check Point appliance through the secured connection port or clear connection port that is configured on the Check Point appliance. Deep Discovery Email Inspector also pulls the certificate from the Check Point appliance through port 18210.

    If you selected Secured connection, the OPSEC application name and SIC one-time password settings appear.

  5. Type a server name.
    Note:

    The server name must be the FQDN or IPv4 address of the auxiliary product.

  6. If you selected Secured connection, type the OPSEC application name and SIC one-time password.

    For more details, see Configuring a Secured Connection.

    Note:

    If the one-time password is reset on the Check Point appliance, the new one-time password must be different from the previous one-time password.

  7. Type the port.
    Note:

    This port must be the same port that is configured on the security gateway. For details, see Preconfiguring a Security Gateway.

  8. (Optional) Click Test Connection.
  9. To send object information from Deep Discovery Email Inspector to this product/service, configure the following criteria:
    • Object type:

      • Suspicious Object

        • IPv4 address

    • Risk level:

      • High only

      • High and medium

      • High, medium, and low

  10. Click Save.
  11. On your Check Point firewall appliance, preconfigure a security gateway. For details, see Preconfiguring a Security Gateway.
  12. Go to Check Point SmartConsole and do the following to configure your Check Point appliance for deploying suspicious objects from Deep Discovery Email Inspector:
    1. On the SECURITY POLICIES tab, go to Access Control > Policy.
    2. To add a rule, click the Add rule above icon.
    3. To configure the new policy, right-click the action.
    4. Change the action to Accept.
    5. Right-click the source.

    6. Select Add new items....

      The following screen appears.

    7. Click the new icon.
    8. Select Address Ranges > Address Range....

      The New Address Range window appears.

    9. In the Enter Object Name field, type DDEI.
    10. In First IP address, type the Deep Discovery Email Inspector IP address.
    11. In Last IP address, type the Deep Discovery Email Inspector IP address.
    12. Click OK.
    13. Right-click the destination.
    14. Select Add new items....
    15. Click the new icon.
    16. Select Address Ranges > Address Range....

      The New Address Range window appears.

    17. In the Enter Object Name field, type CheckPoint.
    18. In First IP address, type the CheckPoint IP address.
    19. In Last IP address, type the CheckPoint IP address.
    20. Click OK.
    21. Click Install Policy.

      The following window opens.

    22. Click Publish & Install.

      The target gateway installs.

    23. Click Install.

      The Check Point appliance is enabled to receive suspicious objects from Deep Discovery Email Inspector.

  13. On the Deep Discovery Email Inspector management console, configure the following criteria to send suspicious object information from Deep Discovery Email Inspector to this product/service:
    • Object type:

      • Suspicious Object

        • IPv4 address

    • Risk level:

      • High only

      • High and medium

      • High, medium, and low

  14. Under Advanced Settings, click one of the following actions:
    • Reject: Packets will be rejected and a notification sent to the communicating peer that the packet has been rejected.

    • Drop: Packets will be dropped without sending the communicating peer a notification.

    • Notify: A notification about the defined activity will be sent but the activity will not be blocked.

  15. Click Save.
  16. (Optional) Click Distribute Now to distribute suspicious objects to Check Point immediately.
  17. To view suspicious objects distributed by Deep Discovery Email Inspector on Check Point SmartView Monitor, do the following:
    1. On Check Point SmartConsole, go to Logs & Monitor.
    2. Add a new tab.

    3. Click Tunnels & User Monitoring to open SmartView Monitor.
    4. Click the Launch Menu icon and go to Tools > Suspicious Activity Rules.

      The Enforced Suspicious Activity Rules window opens.

    5. At Show On, select the target Check Point appliance name.
    6. Click Refresh.

    Suspicious objects distributed by Deep Discovery Email Inspector are displayed.
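
The notes under steps 4, 5 and 7 (server name must be an FQDN or IPv4 address; the configured connection port and port 18210 must be reachable) can be checked before Test Connection is clicked. The following is an added example, not part of the product or its documentation; the function names are hypothetical, and it assumes the script runs on a host that shares the network path Deep Discovery Email Inspector uses to reach the Check Point appliance.

```python
import ipaddress
import re
import socket
import sys

CERT_PULL_PORT = 18210  # port the procedure names for pulling the certificate
# One DNS label: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify_server_name(name: str) -> str:
    """Return 'ipv4', 'fqdn' or 'invalid' for a candidate server name."""
    try:
        ipaddress.IPv4Address(name)
        return "ipv4"
    except ValueError:
        pass
    labels = name.rstrip(".").split(".")
    # At least two labels and a non-numeric last label: this rejects short
    # host names, malformed IPv4 strings and IPv6 literals.
    well_formed = len(name) <= 253 and all(_LABEL.match(l) for l in labels)
    if well_formed and len(labels) >= 2 and not labels[-1].isdigit():
        return "fqdn"
    return "invalid"


def tcp_reachable(host: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name not resolvable
        return False


def preflight(server: str, opsec_port: int, timeout: float = 3.0) -> dict:
    """Check the server name format and both ports the integration uses."""
    kind = classify_server_name(server)
    if kind == "invalid":
        return {"server_name": kind, "ports": {}}
    ports = {p: tcp_reachable(server, p, timeout)
             for p in (opsec_port, CERT_PULL_PORT)}
    return {"server_name": kind, "ports": ports}


if __name__ == "__main__":
    # Usage: preflight.py <server name> <port configured on the security gateway>
    if len(sys.argv) == 3:
        print(preflight(sys.argv[1], int(sys.argv[2])))
```

A `False` entry means the TCP handshake failed from the host running the script, which points at routing or at the access rule created in step 12 rather than at the OPSEC application name or SIC one-time password.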