Edit your OPSEC communications configuration

This section describes how to modify your Check Point configuration to allow OPSEC communications on non-standard ports.

It also explains how to configure communications in a clear text, unauthenticated stream, and verify the configuration in IBM® QRadar®.

Change your Check Point Custom Log Manager (CLM) IP address

If your Check Point configuration includes a Check Point Custom Log Manager (CLM), you might eventually need to change the IP address for the CLM, which impacts any of the automatically discovered Check Point log sources from that CLM in QRadar. When you manually add the log source for the CLM by using the OPSEC/LEA protocol, all Check Point firewalls that forward logs to the CLM are automatically discovered by QRadar. These automatically discovered log sources cannot be edited. If the CLM IP address changes, you must edit the original Check Point CLM log source that contains the OPSEC/LEA protocol configuration and update the server IP address and log source identifier.

After you update the log source for the new Check Point CLM IP address, then any new events reported from the automatically discovered Check Point log sources are updated.

Important: Do not delete and re-create your Check Point CLM or automatically discovered log sources in QRadar. Deleting a log source does not delete event data, but can make finding previously recorded events more difficult.