Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
paparthi1 Trusted Contributor.
Trusted Contributor.
417 views

To integrate Checkpoint Endpoint Security logs into ArcSight but facing Lea connectivity issue.

We are trying to integrate Checkpoint Endpoint Security logs into ArcSight but facing Lea connectivity issue.

CheckPoint R77.20 Policy server is used to configure for Lea connectivity and below settings have been added to fwopsec.conf file on this Policy Server for clear connection:

lea_server port 18184

lea_server auth_port 0

We were able to successfully telnet to the Check Point Policy server over port 18184 from ArcSight SmartConnector server before updating the fwopsec.conf file. After the fwopsec.conf file updated with above lea config and cp service restarted, we were not even able to telnet to Policy server over port 18184 and received error on Connector "Unable to connect to lea server -1:1 connection test failed".

Please suggest a possible solution to the above issue ASAP and also verify the lea config syntax:

lea_server port 18184

lea_server auth_port 0

Is there SPACE or TAB used in both the lines, please confirm ?

Thanks

Parthiban

Email : papu.parthi@gmail.com    

Ph :+91-8939780165

Labels (1)
0 Likes
2 Replies
Acclaimed Contributor.. Volker Michels Acclaimed Contributor..
Acclaimed Contributor..

Re: To integrate Checkpoint Endpoint Security logs into ArcSight but facing Lea connectivity issue.

Did you pull the opsec certificate to the connector as described in the "SmartConnector for Check Point OPSEC NG Configuration Guide"?

0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: To integrate Checkpoint Endpoint Security logs into ArcSight but facing Lea connectivity issue.

In order changes in fwopsec.conf take effect firewall needs to be restarted as written in guide

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.