Connecting R80.30 SmartEvent to R80.30 Security Management Server

This procedure explains how to configure a dedicated server for these components:

• SmartEvent Server and SmartEvent Correlation Unit

To connect R80.30 SmartEvent Server and SmartEvent Correlation Unit to R80.30 Security Management Server:

1. In SmartConsole, create a new Check Point host object for the SmartEvent Server.
2. Create an SIC trust with the SmartEvent Server.
3. Select Version R80.30.
4. On the Management tab, enable these Software Blades:
   • Logging & Status
   • SmartEvent Server
   • SmartEvent Correlation Unit
5. On a dedicated SmartEvent Server that is not a Log Server (recommended): In the Logs page, make sure that Enable Log Indexing is not selected. This ensures that Firewall connections (which are not relevant for views and reports) are not indexed.
6. Click OK.
7. Click Publish.
8. Click Install Database.

Note - For R77.30 Gateways and lower: activate the firewall session for the network activity report.

Advanced Configuration for a dedicated SmartEvent Server that is also a Correlation Unit

1. Open the SmartEvent GUI:
   1. In SmartConsole > Logs & Monitor, click + to open a catalog (new tab).
   2. Click SmartEvent Settings & Policy.
2. In Policy tab > Correlation Units, define a Correlation Unit object.
3. Select the production Log Servers and local log server on the SmartEvent Server to read logs from.
4. In Policy tab > Internal Network, define the internal Network.
5. Click Save.
6. Install the Event Policy on the Correlation Unit: SmartEvent menu > Actions > Install Event Policy.