Connecting R80.40 SmartEvent to R80.40 Multi-Domain Server

You can configure a dedicated R80.40 server for SmartEvent components, and connect them to one or more Domains in an R80.40 Multi-Domain Security Management environment.

This procedure explains how to configure a dedicated server for these SmartEvent components:

SmartEvent Server Dedicated Check Point server with the enabled SmartEvent Software Blade that hosts the events database. and SmartEvent Correlation Unit SmartEvent software component on a SmartEvent Server that analyzes logs and detects events.

Notes:

In R80 Multi-Domain Security Management environment, you can only define the SmartEvent Server and SmartEvent Correlation Unit at the global level and not the domain level.
Configure SmartEvent to read logs from one domain or a number of domains.

To connect R80.40 SmartEvent Server and SmartEvent Correlation Unit to an R80.40 Multi-Domain Server:

Open SmartConsole Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on..
Log in to the Global Domain:
- In the SmartConsole login window, enter the Multi-Domain Server Dedicated Check Point server that runs Check Point software to host virtual Security Management Servers called Domain Management Servers. Synonym: Multi-Domain Security Management Server. Acronym: MDS. IP address or host name.
- Select the Global Domain from the list (Global).
Create a Check Point Host object for SmartEvent Server R80.40.
In the Check Point Host > Management, select these Management Blades:
- Logging & Status
- SmartEvent Server
- SmartEvent Correlation Unit
Initialize SIC Secure Internal Communication. The Check Point proprietary mechanism with which Check Point computers that run Check Point software authenticate each other over SSL, for secure communication. This authentication is based on the certificates issued by the ICA on a Check Point Management Server. with the new SmartEvent Server R80.40 Server.
Click OK.
Publish the SmartConsole session.
Reassign the Global Policy for the Domains that use SmartEvent. For new Domains, create a new global assignment.
In each Domain Management Server Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server., open SmartConsole.
Click Menu > Policy > Install Database > select all objects > click Install.
Wait until the server synchronizes and loads SmartEvent process.

See also Advanced Configuration for a dedicated SmartEvent Server that is also a Correlation Unit in Connecting R80.40 SmartEvent to R80.40 Security Management Server.

Note - For Security Gateways R77.30 and lower: activate the Firewall session for the network activity report Summary of network activity and Security Policy enforcement that is generated by Check Point products, such as SmartEvent. in Exporting Views and Reports.