Monitoring a Check Point Management Server with Non-Standard LEA Authentication
If a monitored Check Point management server (CMA, SmartCenter, Log Server, or CLM) is configured to use non-standard LEA authentication, SecureTrack must be configured to use the same authentication method.
To check which LEA authentication method a Check Point management server is using, and configure SecureTrack accordingly:
- On the Check Point server, open the following file for editing:
  $FWDIR/conf/fwopsec.conf
- In the file, find the two lines containing lea_server, and check whether they are commented out, that is, whether they begin with #.
  If they are commented out, the default authentication method and port are being used, and SecureTrack should be configured to use default OPSEC settings. Otherwise, the authentication method and/or port has been specifically configured, and SecureTrack needs to be configured accordingly. For example, the following two lines may appear:
  lea_server auth_port 18184
  lea_server auth_type ssl_opsec
  In this case SecureTrack must be configured to use ssl_opsec, as in the following steps:
- In SecureTrack, go to Settings > Configuration > Devices.
- Select the Check Point server, and click Edit configuration.
- Click Next, and again Next.
- If the lea_server lines were commented out, select Default.
- If the lea_server lines are not commented out, select Custom, and the appropriate Authentication Mode and Port.
- Depending on the specific Authentication Mode (for Check Point proprietary authentication and for SSL-based authentication), an SSL Secret Key field may appear (as in the above screenshot). In this case, first set a secret key as follows:
  - On the Check Point management server, run:
    fw putkey -opsec -ssl <SecureTrackIP>
    In Provider-1, first make sure to be in the correct environment, by running:
    mdsenv <CMA/CLM>
  - At the prompt, enter a Secret Key.
  - In SecureTrack, type the same SSL Secret Key, and click Establish Authentication Key.
- Click Next, and Save.
- Go to Settings > Administration > Status, and confirm that SecureTrack is properly connected to the server.
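
The fwopsec.conf check at the start of this procedure can be scripted, so that the choice between Default and Custom does not depend on reading the file by eye. The shell function below is an added example, not part of the original documentation or of any Check Point or SecureTrack tooling; the name lea_settings is hypothetical, only the two lea_server keys quoted on this page are read, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: report which LEA settings an fwopsec.conf implies.
# lea_settings is a hypothetical helper name. It reads the file given as
# its argument, or standard input when no argument is given.
#
# Output:
#   default                               -> select Default in SecureTrack
#   custom auth_type=<t> auth_port=<p>    -> select Custom with these values
lea_settings() {
    awk '
        # Lines beginning with # are commented out and do not count.
        /^[ \t]*#/ { next }

        # Only the two keys shown on this page are considered.
        $1 == "lea_server" && $2 == "auth_type" { type = $3 }
        $1 == "lea_server" && $2 == "auth_port" { port = $3 }

        END {
            if (type == "" && port == "") { print "default"; exit }
            # One of the two lines may be active while the other is not.
            if (type == "") type = "unset"
            if (port == "") port = "unset"
            printf "custom auth_type=%s auth_port=%s\n", type, port
        }
    ' "$@"
}

# Constructed sample: the two lines quoted on this page, not commented out.
lea_settings <<'EOF'
# constructed sample of fwopsec.conf
lea_server auth_port 18184
lea_server auth_type ssl_opsec
EOF

# On the Check Point server itself the call would be:
#   lea_settings "$FWDIR/conf/fwopsec.conf"
```

A result of "unset" for one value means only one of the two lea_server lines is active, which is the "and/or" case described in the procedure.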