Generate Certificate

Logpoint automatically generates required certificates to retrieve the Check Point Firewall logs. If they are not generated automatically, you can generate them using the command line.

For SIC communication, initialize SIC for the OPSEC application through SmartDashboard clients. If there is an error, you can reset the SIC communication from SmartDashboard or run the following on the Security Management server:

fw putkey -ssl -opsec <ip_of_Logpoint>

1. Access the Logpoint machine from its command-line interface.

2. Enter the following commands to create an opsec.p12 file:

$ cd /opt/immune/app_store/col/pluggable/OPSECFetcher/opsec_fetcher/opsec_tools
$ ./opsec_pull_cert -h <ip_of_server> -n <name_of_opsec_application> -p <password>

3. Run fw putkey -ssl -opsec <ip_of_Logpoint> in the Security Management server console, then execute the following command to create two .C files in the current directory:

$ ./opsec_putkey -port 18184 <ip_of_checkpoint_box>

4. Create a file named lea.conf and add the following details:

lea_server ip <ip of checkpoint server>
lea_server auth_port 18184
lea_server auth_type sslca
opsec_sslca_file <absolute_path_to_opsec.p12>
opsec_sic_name "client_dn"
lea_server opsec_entity_sic_name "server_dn"

5. Run the following command to verify certificate generation:

$ /opt/immune/app_store/col/pluggable/OPSECFetcher/opsec_fetcher/opsec_tools/fw1-loggrabber -l lea.conf \
    -c /opt/immune/app_store/col/pluggable/OPSECFetcher/opsec_fetcher/opsec_tools/fw1-loggrabber.conf --debug-level 2

6. The CheckPoint application log-grabber script extracts the required logs from the LEA server.
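
Before running the verification in step 5, the lea.conf from step 4 can be checked for missing keys, leftover placeholders and an opsec.p12 that other accounts can read. This is an added example, not part of Logpoint's or Check Point's tooling; lea_get and check_lea_conf are hypothetical helper names, and treating client_dn and server_dn as unfilled placeholders is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight check for the lea.conf written in step 4.
# lea_get and check_lea_conf are hypothetical helper names.

# Print the value of the first line that starts with <key>, quotes stripped.
lea_get() {  # usage: lea_get <file> <key>
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, key " ") == 1 {
            v = substr($0, length(key) + 2)
            gsub(/^[ \t"]+|[ \t"]+$/, "", v)
            print v; exit
        }' "$1"
}

check_lea_conf() {  # usage: check_lea_conf <file>; 0 = ok, 1 = problems, 2 = unreadable
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    [ -n "$(lea_get "$conf" "lea_server ip")" ] ||
        { echo "missing: lea_server ip"; rc=1; }
    [ "$(lea_get "$conf" "lea_server auth_port")" = "18184" ] ||
        { echo "lea_server auth_port is not 18184"; rc=1; }
    [ "$(lea_get "$conf" "lea_server auth_type")" = "sslca" ] ||
        { echo "lea_server auth_type is not sslca"; rc=1; }

    # Assumption: client_dn / server_dn in the template stand for the real SIC names.
    for key in "opsec_sic_name" "lea_server opsec_entity_sic_name"; do
        case $(lea_get "$conf" "$key") in
            ""|client_dn|server_dn) echo "unset or placeholder: $key"; rc=1 ;;
        esac
    done

    p12=$(lea_get "$conf" "opsec_sslca_file")
    case $p12 in
        /*) ;;
        *) echo "opsec_sslca_file must be an absolute path"; rc=1 ;;
    esac
    if [ -f "$p12" ]; then
        # opsec.p12 carries the client private key: allow owner access only.
        [ "$(ls -ld "$p12" | cut -c5-10)" = "------" ] ||
            { echo "$p12 is group/other accessible; chmod 600 it"; rc=1; }
    else
        echo "opsec_sslca_file not found: $p12"; rc=1
    fi
    return $rc
}

if [ $# -gt 0 ]; then check_lea_conf "$1"; fi
```

Save it next to lea.conf and run it with the file as its only argument; each problem found is printed on its own line.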
