Video Screencast Help

SSIM & Checkpoint

Created: 27 Oct 2010 | 2 comments
Praetorian's picture

Can anyone help to confirm the following setup for Checkpoint FW1 is adequate:
1. The Checkpoint FW1 hardware is a Nokia box.
2. This Nokia box is managed by a separate Windows based management console.
3. I am using the on-appliance Checkpoint collector on the SSIM server, and set up the management console as according to Page 16 with header "To configure Check Point FireWall-1 for a remote collector installation".

The setup is completed, however, the sensor started and stopped, and there are no logs coming in.

Questions
1. Is the above process correct for such setup?
2. I am using the on-box collector for Checkpoint FW1, can this be supported? Or is it mandatory that the agent and collector MUST be installed on the management console?

Comments 2 CommentsJump to latest comment

TatyanaS's picture

Please, check your collector's logs. Are there any ERROR or WARN messages?

The process you described seems to be correct and, yes, CheckPoint collector supports on-box installation. So, the only way to know why it doesn't work - to examine logs - they should point at the reason. Logs are located here: /opt/Symantec/sesa/Agent/logs/

-Tatyana

Laurent_c's picture

Lots of  checkpoint issues are due to the initial certificate not downloaded by collector.

Cert are located in this folder, /opt/Symantec/sesa/Agent/collectors/checkpoint/certs/ip_address

Make sure it is there.