On This Page
Monitoring a Check Point Management Server with Non-Standard LEA Authentication
Overview
If a monitored Check Point management server (CMA, SmartCenter, Log Server, or CLM) is configured to use non-standard LEA authentication, SecureTrack must be configured to use the same authentication method.
Verify LEA Authentication Method
- 
                                                        On the Check Point server, open for editing the following file: $FWDIR/conf/fwopsec.conf 
- 
                                                        In the file, find two lines with: lea_server Check if the lines are commented out, that is, if they begin with: #. In this case, the default authentication method and port are being used. In this case, SecureTrack should be configured to use default OPSEC settings. Otherwise, the authentication method and/or port has been specifically configured, and SecureTrack needs to be configured accordingly. For example, the following two lines may appear:lea_server auth_port 18184 
 lea_server auth_type ssl_opsecIn this case SecureTrack must be configured to use ssl_opsec , as in the following steps: 
- In SecureTrack, go to Settings > Configuration > Devices.
- Select the Check Point server, and click Edit configuration.
- Click Next, and again Next.
- 
                                                        If the lea_serverlines were commented out, select Default:
- 
                                                        If the lea_serverlines are not commented out, select Custom, and the appropriate Authentication Mode and Port:
- 
                                                        Depending on the specific Authentication Mode (for Check Point proprietary authentication and for SSL-based authentication), an SSL Secret Key field may appear (as in the above screenshot). In this case, first set a secret key as follows: - On the Check Point management server, run:fw putkey -opsec -ssl <SecureTrackIP>In Provider-1, first make sure to be in the correct environment, by running: mdsenv <CMA/CLM>.
- At the prompt, enter a Secret Key.
 
- On the Check Point management server, run:
- In SecureTrack, type the same SSL Secret Key, and click Establish Authentication Key.
- Click Next, and Save.
- Go to Settings > Administration > Status, and confirm that SecureTrack is connected to the server properly.
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague

