Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Ivory

How to use port 18189 as OPSEC LEA port for Mcaffe SIEM integration.

Hi,

We recently migrated from R77.30 to R80.40. From R77.30 we have two OPSEC LEA applications, ALGOSEC on port 18184 and McAfee SIEM(10.4) on port 18189, both working fine. After we migrated to R80.40, only ALGOSEC is working on port 18184. We cannot establish connection to McAffe on port 18189 anymore.  Ports were already open and as well as policies. When testing on netstat, Checkpoint manager is only listening to one po which is the default 18184. Does anyone experience also this issue on R80.40. 

As per tshooting, it seems like only 1 port can be enable on OPSEC LEA. It only listens to 1 port. you cannot have both 18189 and 18184 working. See below screenshots.fwopsec.JPG

 

Sic_policy.JPG

 

18184.JPG

 

18189.JPG

 

both 18189 18184.JPG

 

 

 
 
 
 

 

0 Kudos
2 Replies
Highlighted
Employee++
Employee++

Have you engaged with TAC to investigate?

As an alternative I would recommend exploring the Log Exporter (sk122323).

0 Kudos
Highlighted
Ivory

I have successfully get both working today. 😄 I had read @PhoneBoy 's comments on the similar issue. He said having two authenticated OPSEC LEA ports is not possible on checkpoint. So I tweak the LEA ports and got it to work now. Below is my fwopsec.conf setting.

lea_server port 18189
lea_server auth_port 18184

0 Kudos