Absent Member.

Checkpoint Clear connection problem

Hi all.

I have a problem with the Checkpoint Opsec Connector (clear connection). I can't connect to the LEA Server, but TCP port 18184 is open; I checked it by telnet. Ping and telnet to port 18184 go through without problems.

Error when I try to connect.

"nested exception is: java.net.SocketTimeoutException: Read timed out"

Accepted Solutions
Absent Member.

Hi.

I changed the LEA settings on Checkpoint.

#  lea_server  auth_port   0
   lea_server   port   18189

Absent Member.

I don't know if you already solved the problem, but I faced the same problem in a lab environment. Probably your OS is x86_64 and the gcc lib is 64-bit, which the connector does not use.

Type:

find /* -name libgcc_s.so.1

If you get only the result

/lib64/libgcc_s.so.1

then install libgcc.i686:

yum install libgcc.i686

Absent Member.

Hi. I have already solved this problem.

Absent Member.

Hello Mikhail Samoylov,

How did you solve this problem? Please help me.

Absent Member.

What is the solution? Please share the same. I am having the same issue; I am not able to install the connector.

Regards,

Manoj

Absent Member.

Hi All,

I can solve this problem. For clear connection of Checkpoint, you need to copy these 2 files, msvcp71.dll and msvcr71.dll, to the following folder:

1. For Windows OS 32bit >> c:\windows\system32

2. For Windows OS 64bit >> c:\windows\SysWOW64

Then restart the connector and test collecting the log. You can download the files from this link:

Fix Windows 7 Msvcp71.dll And Msvcr71.dll Missing Error

Hope this helps.

Theeradach

Absent Member.

Hi,

When I am installing the SmartConnector (ArcSight-7.0.7.7279.0-Connector-Win) for Checkpoint, at the verifying page it gives an error "Connector table parameters did not pass the verification with error ......."

I am able to telnet from the connector machine to the Checkpoint management server on 18184.

The link which you have provided has the files for Windows 7, but I have installed the connector on Windows 2012 R2 Server.

Will the solution work for me as well?

Regards,

Manoj Sharma.

Absent Member.

Hi Manoj,

I have also faced the same problem as you. I installed SmartConnector 7.0.6 and configured it to collect CheckPoint logs with clear connection. When I submit, it displays the error "Connector table parameters did not pass the verification with error .......", same as you.

But I installed on Windows 2008 R2 and downloaded the 2 files, msvcp71.dll and msvcr71.dll, as I said before, to solve the problem, which works, and it can collect CheckPoint's logs.

I'm not sure whether this method can solve your problem on Windows Server 2012 R2. You should try it.

Regards,

Theeradach N.

Cadet 2nd Class

Hi,

Here are some Checkpoint troubleshooting tips.

1. Load your log entries in We! Analyze - Automated Connector Log Analyzer and check the knowledge database in the application for strange activities + explanations.

2. Because you have problems with the CPU capacity, you can do some performance checking using the SmartConnector health checks. ArcSight Connector health check, to be specific: logfu performance checking.

3. Have you upgraded your SmartConnector to the latest version? (Or recently upgraded; maybe you need to downgrade.)

In addition, you can troubleshoot Checkpoint connections on a lower level. I don't think you need it for this problem, but just in case, I added it.

I have some tips for troubleshooting checkpoint smartconnectors.

- Try it without (SSL) authentication first.

- Check the SIC name of the checkpoint object and the arcsight configuration file

- Try deleting the LEA object inside the checkpoint environment and reconfiguring it.

- Use the FW1-grabber tool on the lowest debug level.

Download: http://fw1-loggrabber.sourceforge.net/

1. Configure it for the Checkpoint connection (right certificate, SIC and IP).

2. Define in the config files that you want the lowest debug level (I think there is 0 to 3).

3. Run it and check what's happening.

DEBUG_LEVEL=<0-3> - Sets the debuglevel to the specified value. A debuglevel of 0 means no output of debug informations. Further debuglevels will cause output of program specific as well as OPSEC specific debug informations. This parameter can be overwritten by --debug-level command-line option.

Tip: you can also use the tool to pull .log files over the LEA connection in offline mode and with the -showlogs parameter.

Attached is the manual page.

Also, I added the Checkpoint Connector Troubleshooting guide (really helpful!)

Kind regards,

Jurgen

Absent Member.

Hi Mikhail,

I would like to know what changes you have performed to resolve the issue.

Have you changed the default LEA port from 18184 to 18189?

Have you commented out the "lea_server auth_port 0"?

Please confirm. Please also update if you have done some additional changes to resolve the issue.

Thanks & Regards,

Pratik

Absent Member.

Hi.

My conf for clear connection.

#  lea_server  auth_port   0
   lea_server   port   18189
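
The `lea_server` lines posted in this thread, read by a small parser to show which LEA listeners they leave active (an added example, not code from the thread, Check Point or ArcSight). It assumes the lines come from the firewall's fwopsec.conf and that a commented-out or missing line falls back to `auth_port 18184` and `port 0`; the function names are hypothetical.

```python
import re

# Assumed defaults when a lea_server line is absent or commented out
# (authenticated listener on 18184, clear listener disabled).
DEFAULTS = {"auth_port": 18184, "port": 0}
LINE_RE = re.compile(r"^\s*lea_server\s+(auth_port|port)\s+(\d+)\s*$")


def parse_lea_settings(conf_text):
    """Return the effective lea_server ports from fwopsec.conf-style text."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0]      # a '#' disables the rest of the line
        match = LINE_RE.match(line)
        if match:
            port = int(match.group(2))
            if port > 65535:
                raise ValueError(f"invalid port in line: {raw!r}")
            settings[match.group(1)] = port
    return settings


def describe(settings):
    """List active listeners and the findings a reviewer should act on."""
    listeners, findings = [], []
    if settings["auth_port"]:
        listeners.append(("authenticated", settings["auth_port"]))
    if settings["port"]:
        listeners.append(("clear", settings["port"]))
        findings.append(
            f"clear LEA on tcp/{settings['port']}: logs leave unauthenticated "
            "and unencrypted; restrict the source to the connector host")
    if settings["auth_port"] and settings["auth_port"] == settings["port"]:
        findings.append("auth_port and port collide on the same TCP port")
    if not listeners:
        findings.append("no LEA listener enabled")
    return listeners, findings


# Constructed sample: the fragment as posted in this thread.
THREAD_CONF = """\
#  lea_server  auth_port   0
   lea_server   port   18189
"""

if __name__ == "__main__":
    active, notes = describe(parse_lea_settings(THREAD_CONF))
    print(active, notes)
```

Under the assumed defaults, the posted fragment keeps the authenticated listener on 18184 and adds a clear one on 18189, so a connector configured for clear connection has to point at 18189.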