IBM Security QRadar

  • 1.  Checkpoint Opsec Integration with QRadar

    Posted Sat February 13, 2021 12:03 PM
    Hello Experts,

    I want to integrate Checkpoint log source to QRadar using Opsec/LEA protocol. I am getting an error message "Unable to pull certificate". I have confirmed with the Checkpoint owner that the configuration is well done. In fact, I have requested the activation one-time password to be generated again, yet the issue still persists.

    I can't telnet to the Checkpoint log source on port 18210, but 18184 is fine. But the Checkpoint network administrator confirmed that these ports are opened and logs are seen going through these ports from QRadar.

    Reviewing the /var/log/qradar.error, I get the message as seen on the screenshot.

    Kindly assist me on how to troubleshoot and resolve this issue. This was working with the QRadar console; I am migrating log sources to EP.

    ------------------------------
    benjamin Nworah
    ------------------------------


  • 2.  RE: Checkpoint Opsec Integration with QRadar

    Posted Mon February 15, 2021 05:31 AM
    Hello Experts,

    Please, I am waiting for feedback on my recent post.

    Thank You

    ------------------------------
    benjamin Nworah
    ------------------------------



  • 3.  RE: Checkpoint Opsec Integration with QRadar

    Posted Tue February 16, 2021 01:09 PM
    Not sure what version of CheckPoint software you have there, but I recall someone had similar issues configuring OPSEC/LEA with QRadar and they ended up enabling 3DES on the CheckPoint appliance, as it was disabled in some of the later updates (this is the link where they verified CP release notes)

    ------------------------------
    Dusan VIDOVIC
    ------------------------------



  • 4.  RE: Checkpoint Opsec Integration with QRadar

    Posted Wed February 17, 2021 06:20 AM
    Hi,

    It's hard to tell why it doesn't work since we don't see your configuration parameters.

    Maybe you can check out this link: https://www.ibm.com/support/pages/qradar-checkpoint-troubleshooting-overview

    Otherwise, you can talk to IBM support, which may be faster, since they will ask for your log files.

    Regards,
    Bruno

    ------------------------------
    BrunoMarX
    ------------------------------