Check Point connector issue using lea_client

Document created by jhaprotect on Oct 21, 2015. Last modified by jhaprotect on Oct 21, 2015.
Version 2

Connector: Check Point OPSEC-ADConfig

Authentication mode: sslca

Command [<ArcSight Home>/current/bin/agent/checkpoint/OPSECAD/linux/]: ./lea_client -d on -m online -t sslca -h logserverIP -p 18184 -s CN=ArcSight_Cert_CN,O=host.xyzcompany.com.sfn4ma -f /opt/arcsight/smartconnector/checkpoint/current/user/agent/checkpoint/cert_server_name_opsec.p12 -e CN=host_mgmt,O=host.xyzcompany.com.sfn4ma

 

When using lea_client and getting the following error:

 

Called LeaEndHandler

[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] opsec_comm_is_needed:comm 0x9400cd0 1/1 sessions need the comm.

[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] pulling dgtype=1 len=0 to list=0x9400cec

[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] pulling dgtype=402 len=30 to list=0x9400cec

[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] pulling dgtype=ffffffff len=-1 to list=0x9400cec

[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] REMOVING comm=0x9400cd0 from ent=0x93f2518 with key=5

[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] sic_client_connected: SIC error - Client could not connect to server

[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] fwasync_do_end_conn: 16: calling 0x8084ca0 to free opaque 0x94191a0

[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] T_event_mainloop_e: T_event_mainloop_iter returns 0

 

This is possibly due to the fwopsec.conf on the Check Point (CP) log server having the following lines:

 

lea_server auth_port 18184

lea_server auth_type sslca

lea_server port 0

 

Solution:

1. Comment out those lines

2. Resync the activation key (re-establish the trust), i.e. ./opsec_putkey -ssl cert_server_IP

3. Pull the cert, i.e. ./opsec_pull_cert -h cert_server_IP -n ArcSight_Cert_CN -p activationkeypassword -o /root/cert_server_IP.p12

4. Save the cert in /opt/arcsight/smartconnector/checkpoint/current/user/agent/checkpoint

5. Rerun the command


When using lea_client and getting the following error:


[ 12041 4151113408]@host.xyzcompany.com[15 Oct  8:20:03] opsec_auth_client_connected: connect failed (147)

[ 12041 4151113408]@host.xyzcompany.com[15 Oct  8:20:03] opsec_auth_client_connected: SIC Error for lea: Authentication error


Solution:

Verify that the CN for the certificate server is correct
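
Added example (not part of the original document, and not ArcSight or Check Point code): a Python triage helper that parses lea_client -d output in the line format shown above and maps the two SIC failures on this page to their fixes. It also lists the uncommented lea_server lines in a fwopsec.conf text. The function names are hypothetical, and treating '#' as the fwopsec.conf comment character is an assumption.

```python
import re

# lea_client -d debug line: "[ pid tid]@host[dd Mon hh:mm:ss] message"
LINE_RE = re.compile(r"^\[\s*(\d+)\s+(\d+)\]@([^\[\s]+)\[([^\]]+)\]\s+(.*)$")

# Message fragments from the two failures on this page, mapped to the page's fix.
KNOWN = [
    ("SIC error - Client could not connect to server",
     "check active lea_server lines in fwopsec.conf, resync trust, pull the cert again"),
    ("SIC Error for lea: Authentication error",
     "verify the CN for the certificate server"),
]

# Two lines copied from the debug output on this page.
SAMPLE = """\
[ 62823 4151072448]@host.xyzcompany.com[14 Oct  8:31:54] sic_client_connected: SIC error - Client could not connect to server
[ 12041 4151113408]@host.xyzcompany.com[15 Oct  8:20:03] opsec_auth_client_connected: SIC Error for lea: Authentication error
"""

def parse_line(line):
    """Split one debug line into its fields; None if it is not a debug line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pid, tid, host, stamp, msg = m.groups()
    return {"pid": int(pid), "tid": int(tid), "host": host, "time": stamp, "msg": msg}

def triage(debug_output):
    """Return (time, reporting function, suggested fix) for each known SIC failure."""
    findings = []
    for rec in filter(None, map(parse_line, debug_output.splitlines())):
        for needle, fix in KNOWN:
            if needle in rec["msg"]:
                findings.append((rec["time"], rec["msg"].split(":")[0], fix))
    return findings

def active_lea_server(conf_text):
    """Uncommented lea_server directives as {key: value} (assumes '#' comments)."""
    active = {}
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) == 3 and parts[0] == "lea_server":
            active[parts[1]] = parts[2]
    return active

if __name__ == "__main__":
    for when, func, fix in triage(SAMPLE):
        print(f"{when}  {func}: {fix}")
```

Pipe saved lea_client debug output into triage(), and pass the contents of fwopsec.conf to active_lea_server() to see which of the three lea_server lines are still in effect.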
