Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LostBoY
Advisor

OPSEC Issue while integrating with Algosec

Hello,

 

I am trying to integrate a Checkpoint Mgmt Server on R80.40 to Algosec.. the ports are opened and connectivity is fine .. however i am getting the following debug logs in algosec.

Am i missing something with the configuration ?

 

Info: get_opsec_certificate: server name: m_1_1_1_1
Info: get_opsec_certificate: server addr: 1.1.1.1
Info: get_opsec_certificate: app name: AWS-Algosec
Info: get_opsec_certificate: CPMI port: 18190
Info: get_opsec_certificate: LEA port: 18184
Info: get_opsec_certificate: CPMI authorization type: sslca
Info: get_opsec_certificate: LEA authorization type: sslca
Info: get_opsec_certificate: CKP R80 or higher: yes
Info: get_opsec_certificate: Certificate was created successfully
CN is CN=AWS-Algosec,O=FW-Mgmt..z7o4t4
Info:creating /home/afa/.fa/firewalls/m_1_1_1_1/opsec_cpmi.conf
Info: Running: sha2_fa_cpmi_get_tables /home/afa/.fa/firewalls/m_1_1_1_1/opsec_cpmi.conf -t -v table applications 2>&1 | grep -i error
Info: OPSEC CPMI connection established to 1.1.1.1
Info: Trying authenticated OPSEC LEA connection to 1.1.1.1
Info: Running: sha2_fw1-loggrabber --debug-level 0 --leaconfigfile /home/afa/.fa/firewalls/m_1_1_1_1/lea.conf --configfile /usr/share/fa/data/fw1-loggrabber.conf -s 10 2>&1 | grep -i error
Error: Failed to establish authenticated LEA connection to 1.1.1.1
Info: Trying authenticated OPSEC LEA connection to 1.1.1.1 in debug mode (results will be shown if non-authenticated will fail as well)
Info: Running: sha2_fw1-loggrabber --debug-level 5 --leaconfigfile /home/afa/.fa/firewalls/m_1_1_1_1/lea.conf --configfile /usr/share/fa/data/fw1-loggrabber.conf -s 10 2>&1 | grep -i error
Info: Trying non-authenticated OPSEC LEA connection to 1.1.1.1
Info: Running: sha2_fw1-loggrabber --debug-level 0 --leaconfigfile /home/afa/.fa/firewalls/m_1_1_1_1/lea.conf --configfile /usr/share/fa/data/fw1-loggrabber.conf -s 10 2>&1 | grep -i error
Error: OPSEC returned the following error: ERROR: No communication.

Error: Failed to establish both authenticated and non-authenticated LEA connection to 1.1.1.1
Info: Authenticated LEA connection in debug mode results:
ERROR: No communication.
[ 18430 4149548752]@USFPBPSLACS01[3 Jul 5:30:33] sic_client_connected: SIC error - Client could not connect to server
ERROR: No communication.
[ 18430 4149548752]@USFPBPSLACS01[3 Jul 5:31:08] sic_client_connected: SIC error - Client could not connect to server

0 Kudos
7 Replies
_Val_
Admin
Admin

How do you know the connectivity is fine? Can you see LEA requests on your MGMT with tcpdump?

0 Kudos
_Val_
Admin
Admin

Did you actually establish SIC between Algosec server any our CP management server? The last lines hind that you did not. 

0 Kudos
LostBoY
Advisor

Ok so i verified the connectivity ..
i am able to telnet Mgmt Server on port 18190 and 18210 from Algosec
However... i cannot telnet 18184 ..is it possible that MGMT server is not listening on port 18184 ? how can i verify and rectify this.
0 Kudos
John_Fulater
Contributor

1. Find the file fwopsec.conf in the conf directory.

2. edit to remove the # from the line lea_server auth_port 18184

#
# The Security Gateway/Management default settings are:
#
# sam_server auth_port 18183
# sam_server port 0
#
# lea_server auth_port 18184
# lea_server port 0
#
# ela_server auth_port 18187
# ela_server port 0
#
# cpmi_server auth_port 18190
#
# uaa_server auth_port 19191
# uaa_server port 0
#

4. Save and restart the system.

 

 

 

#

0 Kudos
PhoneBoy
Admin
Admin

Does Algosec have an integration with Log Exporter?
This is how we're integrating with SIEMs and any products that consume Check Point logs going forward.
0 Kudos
John_Fulater
Contributor

Algosec says they are working on the integration of the Log Exporter log information but it is not yet available.

They still use LEA as a transport.

0 Kudos
thomaspetersen
Explorer

Hi

If not allready solved, try to switch to ssh and API instead

 

br

lars

0 Kudos