I'm using a deployment server to push my CheckPoint app to external+ forwarders. Should I create the OPSEC application in CheckPoint using the IP address of the forwarder or deployment server??
You'll need to create the OPSEC application using the IP address of the forwarder (OPSEC LEA Client). While the deployment server will be used to initially to send the app to the forwarder, all communication to the OPSEC LEA server (the Check Point device splunk will pull logs from) will take place on the forwarder.
You'll need to create the OPSEC application using the IP address of the forwarder (OPSEC LEA Client). While the deployment server will be used to initially to send the app to the forwarder, all communication to the OPSEC LEA server (the Check Point device splunk will pull logs from) will take place on the forwarder.