Hi all, we are in the process of connecting one of our Check Point firewalls with InsightIDR. We noticed in the event source setup page in InsightIDR that there's a checkbox for encryption and it provides a certificate that can be downloaded. We were wondering how to install this certificate on the Check Point appliance so we are able to encrypt the traffic between the firewall and the collector. Does anyone have experience with that?
This doc from the Check Point side should get you started: https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_LoggingAndMonitoring_AdminGuide/Topics-LMG/Log-Exporter-TLS-configuration.htm
Thank you! If I read the article correctly, then I need to create a self-signed certificate, a client certificate for the Log Exporter and a server certificate. The server certificate will then be installed on my local collector, right?
This may be a little late to the conversation, but Rapid7 doesn't handle mutual authentication when it comes to secure syslog.
We worked around this by deploying a syslog forwarder, basically a Linux server with rsyslog and GnuTLS to allow the syslog to accept TLS traffic, and created our self-signed certificates and provided them to Check Point.
Then we added an rsyslog forwarding rule to forward anything containing "CheckPoint".
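For anyone building the same forwarder, here is an rsyslog configuration of the kind the post above describes. This is an added example, not the poster's actual config and not Check Point or Rapid7 documentation. It assumes rsyslog with the gtls (GnuTLS) network stream driver, certificate files under /etc/rsyslog.d/tls/ issued by your own self-signed CA, a Log Exporter whose client certificate has the hostname cp-mgmt.example.internal, and an InsightIDR collector at collector.example.internal:514; all of those paths and names are placeholders.

```conf
# /etc/rsyslog.d/10-checkpoint-tls.conf  (example, placeholder paths/hosts)

# Certificates for the forwarder itself. ca.pem is the self-signed CA that
# also signed the client certificate handed to the Check Point Log Exporter;
# forwarder-cert.pem / forwarder-key.pem is the forwarder's server identity.
global(
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
  DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/forwarder-cert.pem"
  DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/forwarder-key.pem"
)

# Accept syslog over TLS only (Mode 1) and require the client certificate
# to chain to ca.pem and carry the expected name (mutual authentication,
# which is the part the collector itself cannot do).
module(load="imtcp"
       StreamDriver.Name="gtls"
       StreamDriver.Mode="1"
       StreamDriver.AuthMode="x509/name"
       PermittedPeer=["cp-mgmt.example.internal"])
input(type="imtcp" port="6514")

# Forward only the Check Point events on to the InsightIDR collector.
# "CheckPoint" is the string the Log Exporter puts in the message; the
# collector address and port are assumptions.
if ($rawmsg contains "CheckPoint") then {
  action(type="omfwd"
         target="collector.example.internal"
         port="514"
         protocol="tcp")
  stop
}
```

With this in place the firewall's Log Exporter authenticates to the forwarder with its client certificate, and the forwarder relays matching events to the collector as ordinary TCP syslog. If the leg to the collector should also be encrypted, the same omfwd action accepts the StreamDriver, StreamDriverMode and StreamDriverAuthMode parameters, with the InsightIDR-provided certificate installed as the trusted CA; checking that the "CheckPoint" filter actually matches your Log Exporter format before relying on it is worth doing, since an unmatched message is simply dropped by the default rules that follow.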