Moving this to corporate area though I am unsure which area so post back which product it affects and we will move it again Having a guess
Sorry for posting in the wrong area
It is for the Nitro Security Receiver
Ok hope this correct area now
We have had this set up for some time, and have not had any issues, we are on 75.40 What errors do you get?
Device type SMS/CMA
Under options, we have Communication method as SSLCA
Are events coming into the receiver at all, can you do a tcpdump and see if they are coming in?
So we running 9.2.1 Receiver and think we have found a bug on this version of software.
When we try and add a new Checkpoint CMS via the GUI web interface we never actually get it to work and the connection fails. If you then go look in /usr/local/Opsec/configs/ there is no conf file for the CMS we tried to add and within the directory of the CMS IP folder there is no contents. It looks like there is a bug in the software when you try add the Checkpoint CMS via the GUI where it fails as the Checkpoint thinks the SIC trust is setup but the McAfee Receiver doesn’t download the certificate or complete its setup.
What I did then was on the Checkpoint is re-initialize the SIC but because the Checkpoint datasource had already been created on the Receiver I then logged in to the receiver via ssh. I then naviagated to /usr/local/Opsec and manually executed the Opsec executable, this ran but never completed on the McAfee Receiver. Once I could see on Checkpoint the SIC had been established I then proceeded to look in /usr/local/Opsec/configs/ and saw a conf file had been created for the CMS and within the CMS folder there were files. I then exited the Opsec executable and went back into the GUI. Once I was in the GUI I could now open the CMS checkpoint data source and click “connect” and a successful connection occurred. These logs then becgan to work fine.
So there does seem to be a bug when trying to do this via the GUI, thinking we had fixed the issue I then proceeded to add our Checkpoint Logging datasource but the issue here is that in the /usr/local/Opsec/configs/ conf file for this object it refers to the certificate for the CMS config which makes sense, the issue is when we add the Logging server datasource McAfee deletes the cert file from the CMS folder in /usr/local/Opsec/configs/ and therefore breaks all the Checkpoint datasources. I was able to fix the Checkpoint CMS datasource by making a backup of the cert file and restoring this but it now looks like we can’t add our Checkpoint logging server as a data source.
That is very odd. We are actually on R75.46 for CP manager, and 188.8.131.5230619 for the receiver and have not seen any of the issues you describe. You need to make sure the DN string in the CP opsec properties is exact... we did notice that.
I am suffering the same issue as poezie. Has there been any new developements in this discussion that may not have made it to the posts?
I got this resolved with a Hotfix can you advise what version you are running ?
cat /etc/buildstamp ?
We are running 9.2.1 20130619 on the reciever, and R76 on CheckPoint. I am assuming you are asking about the McAfee side? We have just depolyed this and my knowledge is minimal, still learning.