000026862 - Error message 'The SIC infrastructure was unable to establish the connection' when attempting to establish a Check Point firewall as an RSA Security Analytics event source

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3

Article Content

Article Number: 000026862
Applies To:
RSA Security Analytics
RSA Security Analytics Log Decoder
RSA Security Analytics Log Collector
Check Point Firewall
Issue
Error message "The SIC infrastructure was unable to establish the connection" when attempting to establish a Check Point firewall as an RSA Security Analytics event source.
The following error message is present in the /var/log/messages file:
Session exit reason: The SIC infrastructure was unable to establish the connection
Resolution

In order to resolve the issue, follow the steps below.

  1. In the Security Analytics UI, navigate to Administration -> Devices.
  2. Select the Log Collector device and navigate to View -> Config.
  3. Click on the Event Sources tab and then select Check Point from the drop down menu.
  4. Select checkpoint under Event Categories.
  5. Under Sources, verify that, in the definition of your Check Point client, the Server Distinguished string is the DN of the Check Point Management Server and not the Check Point firewall.
    A typical example may be CN=cp_mgmt,O=checkpoint..uicypp
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
Notes
See below for an example of a Check Point firewall configuration:
Client Distinguished: CN=LogCollector_OPSEC,O=checkpoint..uicypp
Client Entity Name: LogCollector_OPSEC
Server Distinguished: CN=cp_mgmt,O=checkpoint..uicypp
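The check from step 5, as an added example that is not part of the original article or of any RSA or Check Point tooling: it validates the three fields shown above and counts the SIC error in log lines. The function names, the gateway name cp_fw01 and the sample log lines are constructed, and the O= comparison assumes both certificates were issued by the same management server.

```python
SIC_ERROR = "The SIC infrastructure was unable to establish the connection"

def parse_dn(dn):
    """Split a DN such as 'CN=cp_mgmt,O=checkpoint..uicypp' into a dict."""
    parts = {}
    for item in dn.split(","):
        key, sep, value = item.strip().partition("=")
        if not sep or not value:
            raise ValueError(f"malformed DN component: {item!r}")
        parts[key.strip().upper()] = value.strip()
    return parts

def check_source(client_dn, client_entity, server_dn, gateway_names=()):
    """Return a list of findings for one Check Point event source definition."""
    findings = []
    client, server = parse_dn(client_dn), parse_dn(server_dn)
    # In the article's example the client DN's CN equals the Client Entity Name.
    if client.get("CN") != client_entity:
        findings.append("client DN CN does not match Client Entity Name")
    # Assumption: both certificates come from the same management server,
    # so the O= component should be identical.
    if client.get("O") != server.get("O"):
        findings.append("client and server DN have different O= values")
    # gateway_names: operator-supplied names of the firewall gateway objects.
    if server.get("CN", "").lower() in {g.lower() for g in gateway_names}:
        findings.append("Server Distinguished names a firewall, not the management server")
    return findings

def count_sic_failures(log_lines):
    """Count lines from /var/log/messages that carry the SIC session-exit error."""
    return sum(1 for line in log_lines if SIC_ERROR in line)

# Constructed sample log lines (host and process names are made up).
SAMPLE_LOG = [
    "Jun 14 10:02:11 logcollector nw[2211]: Session exit reason: " + SIC_ERROR,
    "Jun 14 10:02:12 logcollector nw[2211]: checkpoint collection idle",
]

if __name__ == "__main__":
    print("SIC failures:", count_sic_failures(SAMPLE_LOG))
    # Misconfigured source: the server DN points at a gateway (constructed name).
    for finding in check_source("CN=LogCollector_OPSEC,O=checkpoint..uicypp",
                                "LogCollector_OPSEC",
                                "CN=cp_fw01,O=checkpoint..uicypp",
                                gateway_names=["cp_fw01"]):
        print("FINDING:", finding)
```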
Legacy Article ID: a65846
