000026862 - Error message 'The SIC infrastructure was unable to establish the connection' when attempting to establish a Check Point firewall as an RSA Security Analytics / NetWitness Platform event source

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support on Sep 27, 2019
Version 4

Article Content

Article Number: 000026862
Applies To
RSA Product Set: Security Analytics, NetWitness Platform
RSA Product/Service Type: Log Collector (Check Point collection)
RSA Version/Condition: 10.6.x, 11.x
Platform: CentOS
O/S Version: EL6, EL7
Issue
Error message "The SIC infrastructure was unable to establish the connection" when attempting to establish a Check Point firewall as an RSA Security Analytics / NetWitness Platform event source.
The following error message is present in the /var/log/messages file:
Session exit reason: The SIC infrastructure was unable to establish the connection
Resolution

In order to resolve the issue, follow the steps below.



  1. In the UI, navigate to Administration -> Services (or ADMIN -> Services for 11.x).
  2. Select the Log Collector service and navigate to View -> Config.
  3. Click on the Event Sources tab and then select Check Point from the drop-down menu.
  4. Select checkpoint under Event Categories.
  5. Under Sources, verify that the Server Distinguished value defined for your Check Point client is the DN of the Check Point Management Server and not the DN of the Check Point firewall.
    A typical example may be CN=cp_mgmt,O=checkpoint..uicypp

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article ID for further assistance.
Notes
See below for an example of a Check Point firewall configuration:



Client Distinguished: CN=LogCollector_OPSEC,O=checkpoint..uicypp


Client Entity Name: LogCollector_OPSEC


Server Distinguished: CN=cp_mgmt,O=checkpoint..uicypp

Legacy Article ID: a65846
