Add Checkpoint SmartCentre to MARS

waynem@itgl.com · ‎04-03-2008

I have Mars v4.2.6 and I wish to add checkpoint. I've gone through all the instruction as per the user guide and yet I still can't get this to work. When I click discover (under MARS) I get the following message: "CPMISessionNew failed messg: NO Error" I've double checked all the configurations DN's etc but it still fails. I get the certificate fine and doing a Telnet fromj MARS to the TCP ports as instructed seems to work OK. I am receiving events from Checkoint, but understand that MARS needs to be able to Log onto Checkpoint in order to do the correlation correctly. I can't find any matching bugs or descriptions of the error anywhere on CCO. Google also returns zero matches for the error message

jsivulka · ‎04-09-2008

It looks as if the fwopsec.conf file is the first misconfiguration found in the setup which leads to the error message. For resolved:

1. Create a drop rule and do not log to DB on MARS, specify the devices

from which you do not want log. MARS will still receive the logs but

will not process and you can get logs only from desired.

2. Use fwlogsum on Smartcentre and fetch the required logs using ftp:

detail about fwlogsum : http://www.ginini.com/software/fwlogsum/

waynem@itgl.com · ‎05-08-2008

OK Thanks for that. I'll give it a go when I next visit the client.

mhellman · ‎05-08-2008

FWIW, MARS does need to login to the checkpoint for correlation, because it has to login to even get events. It think it may need to do something different as part of topology discovery though.

You don't mention what version of checkpoint we're talking about. You're on an older version of MARS and support for newer CP versions have been added. I would recommend upgrading to the latest version (there are 4 newer versions).