LostBoY
Advisor

OPSEC Issue while integrating with Algosec

Hello,

I am trying to integrate a Check Point Mgmt Server on R80.40 with Algosec. The ports are opened and connectivity is fine; however, I am getting the following debug logs in Algosec.

Am I missing something with the configuration?

Info: get_opsec_certificate: server name: m_1_1_1_1
Info: get_opsec_certificate: server addr: 1.1.1.1
Info: get_opsec_certificate: app name: AWS-Algosec
Info: get_opsec_certificate: CPMI port: 18190
Info: get_opsec_certificate: LEA port: 18184
Info: get_opsec_certificate: CPMI authorization type: sslca
Info: get_opsec_certificate: LEA authorization type: sslca
Info: get_opsec_certificate: CKP R80 or higher: yes
Info: get_opsec_certificate: Certificate was created successfully
CN is CN=AWS-Algosec,O=FW-Mgmt..z7o4t4
Info:creating /home/afa/.fa/firewalls/m_1_1_1_1/opsec_cpmi.conf
Info: Running: sha2_fa_cpmi_get_tables /home/afa/.fa/firewalls/m_1_1_1_1/opsec_cpmi.conf -t -v table applications 2>&1 | grep -i error
Info: OPSEC CPMI connection established to 1.1.1.1
Info: Trying authenticated OPSEC LEA connection to 1.1.1.1
Info: Running: sha2_fw1-loggrabber --debug-level 0 --leaconfigfile /home/afa/.fa/firewalls/m_1_1_1_1/lea.conf --configfile /usr/share/fa/data/fw1-loggrabber.conf -s 10 2>&1 | grep -i error
Error: Failed to establish authenticated LEA connection to 1.1.1.1
Info: Trying authenticated OPSEC LEA connection to 1.1.1.1 in debug mode (results will be shown if non-authenticated will fail as well)
Info: Running: sha2_fw1-loggrabber --debug-level 5 --leaconfigfile /home/afa/.fa/firewalls/m_1_1_1_1/lea.conf --configfile /usr/share/fa/data/fw1-loggrabber.conf -s 10 2>&1 | grep -i error
Info: Trying non-authenticated OPSEC LEA connection to 1.1.1.1
Info: Running: sha2_fw1-loggrabber --debug-level 0 --leaconfigfile /home/afa/.fa/firewalls/m_1_1_1_1/lea.conf --configfile /usr/share/fa/data/fw1-loggrabber.conf -s 10 2>&1 | grep -i error
Error: OPSEC returned the following error: ERROR: No communication.

Error: Failed to establish both authenticated and non-authenticated LEA connection to 1.1.1.1
Info: Authenticated LEA connection in debug mode results:
ERROR: No communication.
[ 18430 4149548752]@USFPBPSLACS01[3 Jul 5:30:33] sic_client_connected: SIC error - Client could not connect to server
ERROR: No communication.
[ 18430 4149548752]@USFPBPSLACS01[3 Jul 5:31:08] sic_client_connected: SIC error - Client could not connect to server

9 Replies
_Val_
Admin

How do you know the connectivity is fine? Can you see LEA requests on your MGMT with tcpdump?

_Val_
Admin

Did you actually establish SIC between the Algosec server and your CP management server? The last lines hint that you did not.

LostBoY
Advisor

OK, so I verified the connectivity.
I am able to telnet to the Mgmt Server on ports 18190 and 18210 from Algosec.
However, I cannot telnet to 18184. Is it possible that the MGMT server is not listening on port 18184? How can I verify and rectify this?
John_Fulater
Contributor

1. Find the file fwopsec.conf in the conf directory.

2. Edit it to remove the # from the line lea_server auth_port 18184:

#
# The Security Gateway/Management default settings are:
#
# sam_server auth_port 18183
# sam_server port 0
#
# lea_server auth_port 18184
# lea_server port 0
#
# ela_server auth_port 18187
# ela_server port 0
#
# cpmi_server auth_port 18190
#
# uaa_server auth_port 19191
# uaa_server port 0
#

3. Save and restart the system.
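The fwopsec.conf edit above is a one-line change, but it is easy to get wrong by hand (uncommenting the neighbouring "lea_server port 0" line instead, or applying it twice). The following added script, which is not from the thread or from Check Point, checks whether the authenticated LEA port line is already active and uncomments it only if needed, keeping a backup. It assumes the file layout shown in the post (active form "lea_server auth_port 18184", disabled form prefixed with "# ") and the constructed sample in demo_fwopsec; after the edit the restart described in step 3 is still required for the change to take effect.

```shell
#!/bin/sh
# Added example: enable the authenticated LEA port in a Check Point fwopsec.conf.
# Assumption: the disabled line looks exactly like "# lea_server auth_port 18184"
# (as in the default settings block quoted in the thread).

# Return 0 if the file already has an active (uncommented) lea_server auth_port line.
lea_auth_port_enabled() {
    grep -Eq '^[[:space:]]*lea_server[[:space:]]+auth_port[[:space:]]+[0-9]+' "$1"
}

# Print the port number from the active lea_server auth_port line (empty if none).
lea_auth_port_value() {
    sed -nE 's/^[[:space:]]*lea_server[[:space:]]+auth_port[[:space:]]+([0-9]+).*/\1/p' "$1" | head -n 1
}

# Uncomment "# lea_server auth_port 18184" in place, writing <file>.bak first.
# Idempotent: an already-active line leaves the file untouched.
# Only the auth_port line is matched; "# lea_server port 0" stays commented.
enable_lea_auth_port() {
    conf="$1"
    if lea_auth_port_enabled "$conf"; then
        return 0
    fi
    cp "$conf" "$conf.bak"
    sed -E 's/^[[:space:]]*#[[:space:]]*(lea_server[[:space:]]+auth_port[[:space:]]+18184)[[:space:]]*$/\1/' \
        "$conf.bak" > "$conf"
    # Succeed only if the line is now active, so a layout we did not expect is reported.
    lea_auth_port_enabled "$conf"
}

# Constructed sample of the relevant fwopsec.conf block (not a real file from a system).
demo_fwopsec() {
    tmp=$(mktemp)
    printf '%s\n' '#' '# lea_server auth_port 18184' '# lea_server port 0' '#' > "$tmp"
    printf '%s' "$tmp"
}

# Stand-alone run: build the sample, enable the port, show the result.
if [ "${1:-}" = "--demo" ]; then
    f=$(demo_fwopsec)
    enable_lea_auth_port "$f" && echo "LEA auth_port now: $(lea_auth_port_value "$f")"
    cat "$f"
    rm -f "$f" "$f.bak"
fi
```

On a real system point enable_lea_auth_port at the fwopsec.conf in the conf directory; the .bak copy lets you diff the change before restarting, and lea_auth_port_value is a quick way to confirm which port the management server will be listening on before testing with telnet or tcpdump as suggested earlier in the thread.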
PhoneBoy
Admin

Does Algosec have an integration with Log Exporter?
This is how we're integrating with SIEMs and any products that consume Check Point logs going forward.
John_Fulater
Contributor

Algosec says they are working on the integration of the Log Exporter log information but it is not yet available.

They still use LEA as a transport.

thomaspetersen
Explorer

Hi

If not already solved, try to switch to SSH and API instead.

Br,

Lars
Shehan_Wickrama
Collaborator

Hey does Algosec support LogExporter now?

Tamir_Goren
Employee

That error is issued by the Algosec client while it is validating the SmartCenter SIC certificate.
Not sure what Algosec does not like about it.
The solution was to recreate the SmartCenter SIC certificate.
Hope this will help future mates who encounter this error.

BTW, in cpca.elg (with debugs turned on) you will find the error it got from Algosec:
ckpSSL_fwasync_connected: err_msg: (Got alert from peer that certificate validation failed)
