pratikp Absent Member.
Absent Member.
1949 views

Checkpoint LEA Connection Issue

Jump to solution

Dear All,

I am installing Checkpoint smart connector on ArcMC 2.0.

I have done below configuration on firewall management server

"lea_server port 18184

lea_server auth_port 0 "

I can able to telnet to server but during connection I am receiving below error

"-1:[X] Unable to connect to the Lea Server[10.1.1.1] -1:2 connection tests failed ! ]"

Does anyone received such error ? any specific configuration has been missed by me ??

Please assist.

Thanks & Regards,

Pratik

Labels (2)
0 Likes
1 Solution

Accepted Solutions
Highlighted
pratikp Absent Member.
Absent Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Dear All,

Issue has been resolved.

Issue was with configuration at checkpoint management server end.

Thank you all for your support.

Regards,

Pratik

0 Likes
11 Replies
implementation Absent Member.
Absent Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Is the firewall rule set for LEA bidirectional ?

0 Likes
pratikp Absent Member.
Absent Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Hi,

Are you referring to rule required for tracking events as mentioned in configuration document

If yes, then logging should be enabled on firewall rules whose logs needs to be integrated in arcsight.

Please correct me if my understanding is wrong ?

Thanks & Regards,

Pratik

0 Likes
rkent1 Acclaimed Contributor.
Acclaimed Contributor.

Re: Checkpoint LEA Connection Issue

Jump to solution

I'm not too familiar with ArcSight's LEA agent, but there seems to be the exact same issue here -> https://protect724.hp.com/message/47551#47551

User responded further down with a similar issue, and resolved it with the following:

Quoted from link above: "


1. From Command prompt- Check the connectivity from ArcSight connector checkpoint lea_client to Checkpoint LEA server. By using the following command:


D:\ArcSightSmartConnectors\EPM-Checkpoint\current\bin\agent\checkpoint\OPSECNG\win32> lea_client -m online  -t clear -h <CheckPoint IP> -p 18185


2. Then we identified the following error:


Check Point OPSEC NG connector fails to connect to LEA Server due to missing dll files (msvcp71.dll and msvcr71.dll) needed for lea_client.exe


3. To rectify this problem, we have downloaded and copied the following files to the C:\Windows\SysWOW64 directory for supported Windows 64-bit systems, or to the C:\Window\System32 directory for supported Windows 32-bit systems:


  • msvcp71.dll
  • msvcr71.dll


After completing these steps we restarted the connector and was able to connect and fetch the logs.


"

0 Likes
pratikp Absent Member.
Absent Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Dear Richard,

Thanks for response but solution which you are referring to is not applicable to me as I am using ArcMC which is on Linux platform.

Regards,

Pratik

0 Likes
pratikp Absent Member.
Absent Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Dear All,

Request you to assist me in resolving this issue.

Thanks & Regards,

Pratik

0 Likes
Highlighted
pratikp Absent Member.
Absent Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Dear All,

Issue has been resolved.

Issue was with configuration at checkpoint management server end.

Thank you all for your support.

Regards,

Pratik

0 Likes
katirea
New Member.

Re: Checkpoint LEA Connection Issue

Jump to solution
Cuál fue la solución que realizo el administrador del Checkpoint?
0 Likes
eugene.rostofsk1
New Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Hi Pratik,

Could you please share with the community what was wrong and how you fixed it?

Thanks

0 Likes
rkent1 Acclaimed Contributor.
Acclaimed Contributor.

Re: Checkpoint LEA Connection Issue

Jump to solution

Bump. No rush, whenever you get a few mins some clues for the next time a P724er got stuck would be really helpful.

0 Likes
Brutus Absent Member.
Absent Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Please share the actual solution.

0 Likes
pratikp Absent Member.
Absent Member.

Re: Checkpoint LEA Connection Issue

Jump to solution

Dear All,

Issue was stupid mistake in configuration at management server end.

Some what like this

"lea_server port 0

lea_server auth_port 18184 "

Regards,

Pratik

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.