I have a problem with Checkpoint Opsec Connector (clear connection). I can't connect to LEA Server but TCP Port 18184 is opened, I checked it by telnet. Ping and telnet to port 18184 through without problems.
Error when I try to connect.
"nested exception is: java.net.SocketTimeoutException: Read timed out"
I don't know if you already solved the problem, but i faced the same problem in a Lab environment probably your SO is x86_64 and the lib of gcc is 64 which the connector does not use.
find /* -name libgcc_s.so.1
if you get only the result
then install the libgcc.i686
yum install libgcc.i686
I can solve this problem. For clear connection of Checkpoint, you need to copy these 2 files, msvcp71.dll and msvcr71.dll, to the folder as following;
1. For Windows OS 32bit >> c:\windows\system32
2. For Windwos OS 64bit >> c:\windows\SysWOW64
and restart connector and test to collect the log. You can download files from this link
Hope this help.
When i am installing Smartconnector (ArcSight-188.8.131.5279.0-Connector-Win) for Checkpoint at verfying page it gives an error "Connector table parameters did not pass the verification with error ......."
I am able to telnet from the connector machine to Checkpoint management server on 18184.
The link which you have provided are the files for Windows 7 but i have installed the connector on Windows 2012 R2 Server.
Will the solution work for me as well.
I also have faced same problem with you. Install SmartConnector 7.0.6 and configure to collect CheckPoint log with clear connection. When I submit, it displays error "Connector table parameters did not pass the verification with error ......." same as you.
But I install on Windows 2008 R2 and download 2 files, msvcp71.dll and msvcr71.dll, as I told before to solve the problem which it's work and can collect CheckPoint's log.
I'm not sure this method can help and solve the problem of you, Windows server 2012 R2. should try.
Here's some checkpoint troubleshooting tips.
1. load your log entries in We! Analyze - Automated Connector Log Analyzer and check the knowledge database in the application to check for strange activities + explanations.
2. Because you have problems with the CPU capacity you can do some performance checking using the Smartconnector Healthchecks. ArcSight Connector health check to be specific: logfu performance checking
3. Have you upgraded your Smartconnector to the latest version? (or recently upgraded, maybe you need to downgrade)
As addition you can troubleshoot checkpoint connections on a lower level, i don't think you need it for this problem, but just in case i added it.
I have some tips for troubleshooting checkpoint smartconnectors.
- Try it without (SSL) authentication first.
- Check the SIC name of the checkpoint object and the arcsight configuration file
- Try deleting the LEA object inside the checkpoint environment and reconfiguring it.
- Use FW1-grabber tool on the lowest debug level.
1. Configure it for the checkpoint connection (right certificate, SIC and IP)
2. Define in the config files u want the lowest debug level (i think there is 0 to 3).
3. Run it and check whats happening.
DEBUG_LEVEL=<0-3> - Sets the debuglevel to the specified value. A debuglevel of 0 means no output of debug informations. Further debuglevels will cause output of program specific as well as OPSEC specific debug informations. This parameter can be overwritten by --debug-level command-line option.
Tip: you can use the tool also to pull .log files over the LEA connection in offline mode and with the -showlogs parameter
Attached the manual page.
Also i added the Checkpoint Connector Troubleshooting guide (really helpfull!)
I would like to know what changes you have performed to resolve the issue.
Have you changed default LEA port from 18184 to 18189 ?
Have you commented out the " lea_server auth_port 0"
Please confirm . Please also update if you have done some additional changes to resolve the issue ?
Thanks & Regards,