Hello Experts,
I want to integrate Checkpoint log source to QRadar using Opsec/LEA protocol. I am getting an error message "Unable to pull certificate". I have confirmed with the Checkpoint owner that the configuration is well done. Infact i have requested for the activation one-time password to be generated again, yet the issue still persists.
I cant telnet to the checkpoint log source on port 18210, but 18184 is fine. But the Checkpoint network administrator confirmed that these ports are opened are logs are seen going through these ports from QRadar.
Reviewing the /var/log/qradar.error, i get the message as seen on the screen shot.
Kindly assist me on how to troubleshoot and resolve this issue. This was working with the Qradar console, i am migrating log sources to EP.
------------------------------
benjamin Nworah
------------------------------