Connecting R80.40 SmartEvent to R77.X Security Management Server

This procedure explains how to configure a dedicated server for these components:

• SmartEvent Server Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database. and SmartEvent Correlation Unit SmartEvent software component on a SmartEvent Server that analyzes logs and detects events.

To connect R80.40 SmartEvent Server and SmartEvent Correlation Unit to an R77.X Security Management Server:

1. Open an SSH connection to the SmartEvent Server.

2. Run this script:

   $RTDIR/scripts/SmartEvent_R80_change_dbsync_mode.sh

3. Wait until the script has finished running. This is when cpstart has finished and you have a prompt.

4. Run: cpconfig

5. Select (2) Administrator to configure the SmartEvent Server administrators.

   Note - Administrators that are configured in R77.X SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on. cannot manage the R80.40 SmartEvent Server.

6. Open the R77.X SmartDashboard Legacy Check Point GUI client used to create and manage the security settings in versions R77.30 and lower. In versions R80.X and higher is still used to configure specific legacy settings..

7. In SmartDashboard, create a Check Point Host object for the SmartEvent Server R80.40.

8. Create an SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. trust between the Security Management Server Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. and the new SmartEvent Server R80.40.

9. Define it with the highest version available and ignore the "Warning" message.

10. For a dedicated SmartEvent Correlation Unit that is not a SmartEvent Server: In the Logs page, click Enable SmartLog.

11. In the Check Point Host > Management tab, enable these Software Blades:

    • Logging & Status

    • SmartEvent Server

    • SmartEvent Correlation Unit

12. Click OK.

13. Click Menu > Policy > Install Database > select all objects > click Install.

14. Wait until the server synchronizes and loads SmartEvent.

See also Advanced Configuration for a dedicated SmartEvent Server that is also a Correlation Unit in Connecting R80.40 SmartEvent to R80.40 Security Management Server.

Note - For Security Gateways R77.30 and lower: activate the Firewall session for the network activity report Summary of network activity and Security Policy enforcement that is generated by Check Point products, such as SmartEvent. in Exporting Views and Reports.