04-03-2008 06:49 AM - edited 03-10-2019 04:03 AM
I have Mars v4.2.6 and I wish to add checkpoint. I've gone through all the instruction as per the user guide and yet I still can't get this to work. When I click discover (under MARS) I get the following message: "CPMISessionNew failed messg: NO Error" I've double checked all the configurations DN's etc but it still fails. I get the certificate fine and doing a Telnet fromj MARS to the TCP ports as instructed seems to work OK. I am receiving events from Checkoint, but understand that MARS needs to be able to Log onto Checkpoint in order to do the correlation correctly. I can't find any matching bugs or descriptions of the error anywhere on CCO. Google also returns zero matches for the error message
04-09-2008 09:27 AM
It looks as if the fwopsec.conf file is the first misconfiguration found in the setup which leads to the error message. For resolved:
1. Create a drop rule and do not log to DB on MARS, specify the devices
from which you do not want log. MARS will still receive the logs but
will not process and you can get logs only from desired.
2. Use fwlogsum on Smartcentre and fetch the required logs using ftp:
detail about fwlogsum : http://www.ginini.com/software/fwlogsum/
05-08-2008 12:47 AM
OK Thanks for that. I'll give it a go when I next visit the client.
05-08-2008 04:19 AM
FWIW, MARS does need to login to the checkpoint for correlation, because it has to login to even get events. It think it may need to do something different as part of topology discovery though.
You don't mention what version of checkpoint we're talking about. You're on an older version of MARS and support for newer CP versions have been added. I would recommend upgrading to the latest version (there are 4 newer versions).
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: