AnsweredAssumed Answered

Problems connecting to the СheckPoint

Question asked by RSA Admin Employee on Apr 4, 2015
Latest reply on Apr 27, 2015 by Deepanshu Sood

Hello Everyone.

firewalls connect to the RSA SA. Customizable according to instructions "Check Point Security Suite, IPS-1".

Сreated Host, then SA_OPSEC. Open ports in CP-  FW1_ica_Pull (18184) end FW_lea(18210).

when connecting LogCollector an error:


Collect log Type - Security


[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Session starting: sdn=cn=cp_mgmt,o=SC-01.KVVGES..8pfha6 cdn=CN=SA_OPSEC,O=SC-01.KVVGES..8pfha6 cen=SA_OPSEC kfp=/etc/netwitness/ng/truststore/checkpoint_SC_01_KVVSGES.p12 file=0 record=0 log=security-current start=end count=5000 time=120"

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Client Version Full Description(Opsec SDK 6.0 patch=1 build=591000010 6.0) Version(6000)"

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Time to establish session(00:00:00.003387)"

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Session exit reason: The SIC infrastructure was unable to establish the connection"

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Session completed: Total Time(00:00:25.008199) Total Events(0)"


Collect log Type - Audit

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Session starting: sdn=cn=cp_mgmt,o=SC-01.KVVGES..8pfha6 cdn=CN=SA_OPSEC,O=SC-01.KVVGES..8pfha6 cen=SA_OPSEC kfp=/etc/netwitness/ng/truststore/checkpoint_SC_01_KVVSGES.p12 file=0 record=0 log=audit-current start=end count=5000 time=120"

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Client Version Full Description(Opsec SDK 6.0 patch=1 build=591000010 6.0) Version(6000)"

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Time to establish session(00:00:00.002976)"

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Session exit reason: The SIC infrastructure was unable to establish the connection"

[processing] [WorkUnit] [processing] SC-01-KVVSGES:xxx.xxx.xxx.xxx:Session completed: Total Time(00:00:25.008754) Total Events(0)"


The most important thing - the event did not come.

Which one has suggestions, ideas ?

Outcomes