Add Checkpoint SmartCentre to MARS

Unanswered Question
Apr 3rd, 2008

I have Mars v4.2.6 and I wish to add checkpoint. I've gone through all the instruction as per the user guide and yet I still can't get this to work. When I click discover (under MARS) I get the following message: "CPMISessionNew failed messg: NO Error" I've double checked all the configurations DN's etc but it still fails. I get the certificate fine and doing a Telnet fromj MARS to the TCP ports as instructed seems to work OK. I am receiving events from Checkoint, but understand that MARS needs to be able to Log onto Checkpoint in order to do the correlation correctly. I can't find any matching bugs or descriptions of the error anywhere on CCO. Google also returns zero matches for the error message

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
jsivulka Wed, 04/09/2008 - 09:27

It looks as if the fwopsec.conf file is the first misconfiguration found in the setup which leads to the error message. For resolved:

1. Create a drop rule and do not log to DB on MARS, specify the devices

from which you do not want log. MARS will still receive the logs but

will not process and you can get logs only from desired.

2. Use fwlogsum on Smartcentre and fetch the required logs using ftp:

detail about fwlogsum :

mhellman Thu, 05/08/2008 - 04:19

FWIW, MARS does need to login to the checkpoint for correlation, because it has to login to even get events. It think it may need to do something different as part of topology discovery though.

You don't mention what version of checkpoint we're talking about. You're on an older version of MARS and support for newer CP versions have been added. I would recommend upgrading to the latest version (there are 4 newer versions).


This Discussion