Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Add Checkpoint SmartCentre to MARS

I have Mars v4.2.6 and I wish to add checkpoint. I've gone through all the instruction as per the user guide and yet I still can't get this to work. When I click discover (under MARS) I get the following message: "CPMISessionNew failed messg: NO Error" I've double checked all the configurations DN's etc but it still fails. I get the certificate fine and doing a Telnet fromj MARS to the TCP ports as instructed seems to work OK. I am receiving events from Checkoint, but understand that MARS needs to be able to Log onto Checkpoint in order to do the correlation correctly. I can't find any matching bugs or descriptions of the error anywhere on CCO. Google also returns zero matches for the error message

3 REPLIES
Bronze

Re: Add Checkpoint SmartCentre to MARS

It looks as if the fwopsec.conf file is the first misconfiguration found in the setup which leads to the error message. For resolved:

1. Create a drop rule and do not log to DB on MARS, specify the devices

from which you do not want log. MARS will still receive the logs but

will not process and you can get logs only from desired.

2. Use fwlogsum on Smartcentre and fetch the required logs using ftp:

detail about fwlogsum : http://www.ginini.com/software/fwlogsum/

New Member

Re: Add Checkpoint SmartCentre to MARS

OK Thanks for that. I'll give it a go when I next visit the client.

Gold

Re: Add Checkpoint SmartCentre to MARS

FWIW, MARS does need to login to the checkpoint for correlation, because it has to login to even get events. It think it may need to do something different as part of topology discovery though.

You don't mention what version of checkpoint we're talking about. You're on an older version of MARS and support for newer CP versions have been added. I would recommend upgrading to the latest version (there are 4 newer versions).

352
Views
5
Helpful
3
Replies
CreatePlease to create content