Check Point Security Management Server OPSEC adapter

Use the Check Point Security Management Server OPSEC adapter to discover and back up end nodes that are managed by Check Point Security Management Server (CPSMS) versions NGX R60 to R77.

The following features are available with the Check Point Security Management Server OPSEC adapter:
  • OPSEC protocol
  • Dynamic NAT
  • Static NAT
  • Static routing

The CPSMS adapter is built on the OPSEC SDK 6.0, which supports Check Point products that are configured to use certificates that are signed by using SHA-1 only.

The following table describes the integration requirements for the CPSMS adapter.

Table 1. Integration requirements for the CPSMS adapter
Integration requirement Description

Versions

NGX R60 to R77

Required credential parameters

To add credentials in QRadar®, log in as an administrator and use Configuration Monitor on the Risks tab.

Use the credentials that are set from Discovering devices in your network.

Supported connection protocols

To add protocols in QRadar, log in as an administrator and use Configuration Monitor on the Risks tab.

CPSMS

Configuration requirements

To allow the cpsms_client to communicate with Check Point Management Server, the $CPDIR/conf/sic_policy.conf file on CPSMS must include the following lines:

    # OPSEC applications default
    ANY ; SAM_clients ; ANY ; sam ; sslca, local, sslca_comp
    # sam proxy
    ANY ; Modules, DN_Mgmt ; ANY; sam ; sslca
    ANY ; ELA_clients ; ANY ; ela ; sslca, local, sslca_comp
    ANY ; LEA_clients ; ANY ; lea ; sslca, local, sslca_comp
    ANY ; CPMI_clients; ANY ; cpmi ; sslca, local, sslca_comp

Required ports

The following ports are used by QRadar Risk Manager and must be open on CPSMS:

Port 18190 for the Check Point Management Interface service (or CPMI)

Port 18210 for the Check Point Internal CA Pull Certificate Service (or FW1_ica_pull)

If you cannot use 18190 as the listening port for CPMI, the port number that is configured in the CPSMS adapter must match the value that is listed for CPMI in the $FWDIR/conf/fwopsec.conf file on CPSMS.

For example, cpmi_server auth_port 18190.
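
The configuration requirements above can be checked before the adapter is pointed at the server. The following POSIX shell script is an added example, not part of the original documentation: it looks for an uncommented sic_policy.conf rule for a client group and service that allows sslca, and reads the CPMI auth_port from fwopsec.conf. The function names, the field positions (inferred from the rule lines shown above) and the sample port 28190 are assumptions made for the example.

```shell
#!/bin/sh
# Added example: pre-flight check for the CPSMS adapter requirements.
# Field order is read off the rule lines on this page (assumption):
#   field 2 = client group(s), field 4 = service, field 5 = auth methods

# sic_rule_present FILE GROUP SERVICE
# Succeeds if FILE has an uncommented rule that names GROUP, applies to
# SERVICE and lists the sslca authentication method.
sic_rule_present() {
    awk -F';' -v grp="$2" -v svc="$3" '
        /^[ \t]*#/ { next }                       # skip comment lines
        NF >= 5 {
            for (i = 2; i <= 5; i++) gsub(/[ \t]/, "", $i)
            if ($4 == svc && index("," $2 ",", "," grp ",") &&
                index("," $5 ",", ",sslca,")) found = 1
        }
        END { exit !found }
    ' "$1"
}

# cpmi_auth_port FILE
# Prints the cpmi_server auth_port from fwopsec.conf, or 18190 (the CPMI
# port named on this page) when no uncommented entry sets one.
cpmi_auth_port() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "cpmi_server" && $2 == "auth_port" { port = $3 }
        END { print (port != "" ? port : 18190) }
    ' "$1"
}

# Constructed sample files; on a real server pass
# "$CPDIR/conf/sic_policy.conf" and "$FWDIR/conf/fwopsec.conf" instead.
sample=$(mktemp -d)
cat > "$sample/sic_policy.conf" <<'EOF'
# OPSEC applications default
ANY ; LEA_clients ; ANY ; lea ; sslca, local, sslca_comp
ANY ; CPMI_clients; ANY ; cpmi ; sslca, local, sslca_comp
EOF
# 28190 is a constructed non-default port for the demonstration.
printf '# cpmi_server auth_port 18190\ncpmi_server auth_port 28190\n' \
    > "$sample/fwopsec.conf"

sic_rule_present "$sample/sic_policy.conf" CPMI_clients cpmi &&
    echo "CPMI_clients rule present"
echo "CPMI port for the adapter: $(cpmi_auth_port "$sample/fwopsec.conf")"
```

A rule that lists only sslca_comp or local does not satisfy the check, and commented-out entries in either file are ignored.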