Monitoring a Check Point Management Server with Non-Standard LEA Authentication

If a monitored Check Point management server (CMA, SmartCenter, Log Server, or CLM) is configured to use non-standard LEA authentication, SecureTrack must be configured to use the same authentication method.

To check which LEA authentication method a Check Point management server is using, and configure SecureTrack accordingly:

  1. On the Check Point server, open the following file for editing:

    $FWDIR/conf/fwopsec.conf

  2. In the file, find the two lines that contain:

    lea_server

    Check whether the lines are commented out, that is, whether they begin with #. If they are, the default authentication method and port are being used, and SecureTrack should be configured to use the default OPSEC settings. Otherwise, the authentication method and/or port has been specifically configured, and SecureTrack needs to be configured accordingly. For example, the following two lines may appear:

    lea_server auth_port 18184
    lea_server auth_type ssl_opsec

    In this case SecureTrack must be configured to use ssl_opsec, as in the following steps:

  3. In SecureTrack, go to Settings > Configuration > Devices.
  4. Select the Check Point server, and click Edit configuration.
  5. Click Next, and then Next again.
  6. If the lea_server lines were commented out, select Default:

    [Screenshot: Default LEA]

  7. If the lea_server lines are not commented out, select Custom, and the appropriate Authentication Mode and Port:

    [Screenshot: LEA custom authentication]

  8. Depending on the specific Authentication Mode (for Check Point proprietary authentication and for SSL-based authentication), an SSL Secret Key field may appear (as in the above screenshot). In this case, first set a secret key as follows:

    1. On the Check Point management server, run:

      fw putkey -opsec -ssl <SecureTrackIP>

      In Provider-1, first make sure you are in the correct environment by running:

      mdsenv <CMA/CLM>

    2. At the prompt, enter a Secret Key.
  9. In SecureTrack, type the same SSL Secret Key, and click Establish Authentication Key.
  10. Click Next, and Save.
  11. Go to Settings > Administration > Status, and confirm that SecureTrack is properly connected to the server.
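
The check in step 2 can be scripted. The following is an added example, not Check Point or Tufin code: it reports "default" when every lea_server line is commented out, and otherwise lists the active settings to enter in SecureTrack's Custom mode. The function name lea_settings and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise the active lea_server settings in fwopsec.conf.
# Prints "default" when every lea_server line is commented out, otherwise
# "custom key=value ..." in the order the lines appear in the file.
lea_settings() {
    conf="${1:-$FWDIR/conf/fwopsec.conf}"
    [ -r "$conf" ] || { echo "error: cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                 # commented out: not in effect
        $1 == "lea_server" && NF >= 3 {     # active "lea_server <key> <value>"
            out = out " " $2 "=" $3
        }
        END { print (out == "" ? "default" : "custom" out) }
    ' "$conf"
}

# Constructed sample input mirroring the two cases described in step 2.
demo_dir=$(mktemp -d)
printf '%s\n' '# lea_server auth_port 18184' \
              '# lea_server auth_type ssl_opsec' > "$demo_dir/default.conf"
printf '%s\n' 'lea_server auth_port 18184' \
              'lea_server auth_type ssl_opsec' > "$demo_dir/custom.conf"
echo "default.conf: $(lea_settings "$demo_dir/default.conf")"
echo "custom.conf:  $(lea_settings "$demo_dir/custom.conf")"
rm -rf "$demo_dir"
```

On the management server, call lea_settings with no argument to read $FWDIR/conf/fwopsec.conf. A file in which only one of the two lines is uncommented is reported as custom, listing only the active setting.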