000012365 - Integrating checkpoint logs with Envision

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012365
Applies ToenVision Core Other
LEA Client is running
IssueIntegrating checkpoint logs with Envsion

There are various things that could cause issues with collecting from Check Point:

Make sure the Check Point Log Viewer is receiving events.

Check Ports are available on both sides:

FW1 (256): Non-authenticated connections

FW_lea (18184): Non-authenticated / authenticated connections

FW_ica_Pull (18210): Sending the Cert file to the appliance

LEA Client Service, check that this has been setup correctly.

If the LEA Client configuration looks good you can enable debugging by going into the enVision Web UI to the Manage Lea Service screen. Select the advanced option triangle and check off the debug option. This will restart the lea service and begin generating 2 debugging file out under the logs folder. LeaConnectionName_opsec_output.log, LeaConnectionName_checkview.log. These 2 files combined will give you a better idea of what is happening during the connection. If using non-auth you would need to modify the port and auth port settings in the fwopsec.conf file for that to work

Legacy Article IDa41323