Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000026862 - Error message 'The SIC infrastructure was unable to establish the connection' when attempting to establish a Check Point firewall as an RSA Security Analytics event source

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000026862
Applies To	RSA Security Analytics RSA Security Analytics Log Decoder RSA Security Analytics Log Collector Check Point Firewall
Issue	Error message "The SIC infrastructure was unable to establish the connection" when attempting to establish a Check Point firewall as an RSA Security Analytics event source. The following error message is present in the /var/log/messages file: Session exit reason: The SIC infrastructure was unable to establish the connection
Resolution	In order to resolve the issue, follow the steps below. In the Security Analytics UI, navigate to Administration -> Devices. Select the Log Collector device and navigate to View -> Config. Click on the Event Sources tab and then select Check Point from the drop down menu. Select checkpoint under Event Categories. Under Sources, verify that when you define your check Point Client the Server, the Distinguished String is the DN of the Check Point Management Server and not the Check Point firewall. A typical example may be CN=cp_mgmt,O=checkpoint..uicypp If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
Notes	See below for an example of a Check Point firewall configuration: Client Distinguished: CN=LogCollector_OPSEC,O=checkpoint..uicypp Client Entity Name: LogCollector_OPSEC Server Distinguished: CN=cp_mgmt,O=checkpoint..uicypp
Legacy Article ID	a65846

Attachments

Outcomes

0 Comments

Recommended Content