Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Checkpoint issue

Created: 12 Sep 2013 • Updated: 22 Sep 2013 | 3 comments
sviridov's picture
This issue has been solved. See solution.

Hello Friends,

I am trying to figure out one Checkpoint integration......but always i am getting following error.

1. collector is installed on windows server 2008 x64, agent x32

2. screenshot settings:
http://s017.radikal.ru/i434/1309/19/f5a54f6d1468.png

3. after starting the collector, file appears:
C:\Program Files (x86)\Symantec\EventAgent\collectors\cplea\certs\10.100.140.40\SSIM\opsec.p12
this seems to be a certificate downloaded from the server.
 

4. in the log collector is constantly error:

WARN 2013-09-12 18:07:33,095 Collectors.3608.wGroup.[workinggroup0].SensorThread Thread-239 [Sensor: test-cp2] Restarting the sensor...
INFO 2013-09-12 18:07:33,095 Collectors.3608.wGroup.[workinggroup0].Sensor.[test-cp2] Thread-239 OpsecLeaSensor(test-cp2) is not running
INFO 2013-09-12 18:07:34,109 Collectors.3608.wGroup.[workinggroup0].Sensor.[test-cp2] Thread-239 OpsecLeaSensor(test-cp2) has been opened.
ERROR 2013-09-12 18:07:39,585 Collectors.3608.wGroup.[workinggroup0].Sensor.[test-cp2] Thread-239 OpsecLeaSensor(test-cp2) error in readDevice(). Sensor will be reopened. Details: OPSEC MainLoop has being terminated with errors: Both Security and Audit sessions were ended because The SIC infrastructure was unable to establish the connection to OPSEC Server [SIC_FAILURE]. SIC Error for lea: Client could not choose an authentication method for service lea.
WARN 2013-09-12 18:07:39,585 Collectors.3608.wGroup.[workinggroup0].SensorThread Thread-239 [Sensor: test-cp2] Exception in Sensor thread while reading device. Details:
java.lang.Exception: OpsecLeaSensor(test-cp2) error in readDevice(). Sensor will be reopened. Details: OPSEC MainLoop has being terminated with errors: Both Security and Audit sessions were ended because The SIC infrastructure was unable to establish the connection to OPSEC Server [SIC_FAILURE]. SIC Error for lea: Client could not choose an authentication method for service lea.
 at com.symantec.cas.ucf.sensors.Opsec.OpsecLeaSensor.readDevice(OpsecLeaSensor.java:385)
 at com.symantec.cas.ucf.collector.SensorJob.pollSensor(SensorJob.java:232)
 at com.symantec.cas.ucf.collector.SensorJob.run(SensorJob.java:336)
 at java.lang.Thread.run(Unknown Source)

 

Operating Systems:

Comments 3 CommentsJump to latest comment

Avkash K's picture

Hi,

 

Please refer below article:

http://www.symantec.com/docs/TECH122583

make sure the following line is present in both cpmad_opsec.conf and fwopsec.conf:
 

    • lea_server ip <IP Address of the SmartCenter server>

Note: Do not use 127.0.0.1.
Note: You need to make sure each line needed is present in the .conf files even if the setting is the default.

Regards,

Avkash K

Avkash K's picture

Also not able to reach the screenshot link you have shared.

Request you to upload the image here only.

Regards,

Avkash K

sviridov's picture

I solved the problem:

LEA Server OpSec Entity Sic Name:       CN=cp_mgmt,O=<your name>

All my posts are made by google translator!

SOLUTION