Does R80.10 support OPSEC?
Hello Guys,
Does someone know for sure if we can still use OPSEC with SmartCenter in R80.10?
We are going to migrate to R80.10 and we are using Splunk to collect Check Point logs.
I can't find anything written down saying how to configure the interaction between R80.10 and Splunk. Do we have to use syslog? If yes, what is the recommended configuration?
Thanks!
Accepted Solutions
R80.10 supports OPSEC and Splunk is an Official OPSEC Partner.
Configure Splunk as shown below and install the Splunk Add-On.
Right-click on Servers > OPSEC Application > Application...
Related:
About the Splunk Add-on for Check Point OPSEC LEA
Install the Splunk Add-on for Check Point OPSEC LEA
Configure the Splunk Add-on for Check Point OPSEC LEA

If you follow the links in Danny's excellent reply, there is lots of info there to set it up. In addition, by default the R80 internal CA supports SHA-256 certificates for the SIC connection. Splunk's LEA client supports SHA-256 since their 4.0.0 release in June 2016. More info is in their release notes history.
hth,
bob
Thanks a lot.
It seems pretty clear. I don't know why I have received the message that it's not supported anymore and that we should use syslog.
You may need to check your SDK version.
The older SDK versions don't understand SHA256.
I got it working in my lab on a brand new Splunk installation. The trick is to add the SDK files and use the latest version before you start to configure it.
To answer the more general question of OPSEC in R80.x, yes it is supported, with some limitations:
- SHA256 CAs are now the default, which means you may need to update your applications to support
- CPMI is only partially supported (namely you need to use the R80.x API to manage the security policy, but you can still use it to manipulate individual objects)
- Legacy parts of OPSEC (e.g. CVP and UFP) are no longer supported
Note that going forward, we recommend using Log Exporter guide.
Many SIEM integrations now use this (Splunk does), others are in process.
