okatsladz454
Participant

Adding a standalone log server to the Algosec installation

Hello,

We are using Algosec to analyze our devices through LEA + CMI on an MDS installation, and everything was working fine until we needed to add a separate CMA + gateways in a new domain. In this case, log collection from gateway devices occurs not on an MLM or CMA server, but on a standalone log server that is located in our new domain.

During the log analysis process, Algosec tries to access the standalone server directly via LEA using a previously generated certificate (which was created in the OPSEC application object). Although Algosec can correctly identify the log server, when trying to access it via the LEA API, an error message is displayed: "ERROR: SIC ERROR 301 - SIC Error for lea: Certificate chain is inconsistent". The corresponding errors are not observed if the analysis is run from a gateway whose log server is specified as MLM.

I have consulted this knowledge base article, but on the standalone server, it does not allow any operations with the cpca_client: https://support.checkpoint.com/results/sk/sk181527.

Therefore, my question is: Is it possible to allow access to the standalone log server through LEA using the certificate?

Version Take 84 R81.20

0 Kudos
1 Reply
PhoneBoy
Admin

The command here is relevant for running on management only (i.e. the Internal CA).
I suspect you'll need to regenerate the certificate for the log server in question.
I suggest involving TAC here.

0 Kudos
