0

I have installed Check Point R75.20 splat. Check Point firewall logs can be accessed directly by using OPSEC LEA. For that I need to have a LEA connection.

Now to set up a LEA connection, I need to do the following steps:

1)In the FWDIR\conf directory on the computer where the Check Point Management Server is installed, edit the fwopsec.conf file to include the following line: lea_server port 18184

2)...

My problem is that my FWDIR is not pointing anywhere. Furthermore, if I do a,

find / -name "fwopsec.conf"

I get no results. When searching for the problem, I found that,

FWDIR=/opt/cpfw1-r55

but i dont see any directory as such in my checkpoint platform

I am stuck. What am I missing? Thanks.

ashokadhikari
  • 1,182
  • 3
  • 15
  • 29
  • This is utterly off topic here, but what does it mean "FWDIR is not pointing anywhere"? When you log into expert mode and say "echo $FWDIR", what do you get? Also: do you have a separate management server, and if so, where is the problem, on the management server or on the gateway? – n. m. could be an AI May 25 '12 at 10:51
  • Sorry if that meant something else, but what i meant was that when I do a "echo $FWDIR", i get nothing. FWDIR should be set to some path isnt it. I am also unclear of the "place where the CheckPoint Management Server is installed". When i install Check Point R75.20 splat, where does the mgmt server get installed. Sorry if the question is off the track, but can you direct me somewhere so that i cam understand the thing clearly. – ashokadhikari May 25 '12 at 17:54
  • Obviously the Check Point customer service is the address to complain. FWDIR ought to be set to /opt/CPsuite-R75.20/fw1 or something like that (after you run the first-time setup wizard and reboot). If it's not, then you have done something seriously wrong, I'm not sure what could it be actually. Can you describe your installation procedure? – n. m. could be an AI May 26 '12 at 01:01
  • I had a the iso of the CheckPoint R75.20. I installed it in my VirtualBox. During the checkpoint secure platform installation, it asks for 1)Device List 2)Add Driver 3)Next Step. I headed straight to the next step in installation aftre the installer figured out that mys system was suitable. Then in network interface configuration, I entered a valid IP address, subnet ahd the default gateway IP, then i selected port 443 as the port for SecurePlatform Https web server fro system configuration via browser. Then the installation completed. ...(please see next comment) – ashokadhikari May 26 '12 at 07:51
  • I then changed the username and password logging into the system. I then switched to expert mode, tried echo $FWDIR, but got nothing. THis is what i did. – ashokadhikari May 26 '12 at 07:58
  • You have to complete the first-time setup wizard. Connect to your new machine with a browser over https, and follow the wizard. – n. m. could be an AI May 26 '12 at 08:03
  • I need to allow pop-ups for accessing it via https. THis is what appears in my browser https://192.168.1.111/webis/index.html?=openedAsPopup, now the link doesnot accept any inputs given by me and i cannot continue with the configuration. What might be the problem? Also i get a "xslProcessor.transformDocument is not a function". – ashokadhikari May 26 '12 at 09:37
  • Yes, you do need to explicitly allow pop-ups (and javascript). Sorry about that. The xls problem is a known limitation when using newer Firefox versions. Sorry about that too. You may have to install FF4 or IE in a virtual box to overcome that. – n. m. could be an AI May 26 '12 at 10:21
  • Oh, and since you have to use Windows anyway for the management console, you might just as well use IE. – n. m. could be an AI May 26 '12 at 11:11
  • I used IE and it worked. Thanks. Now in order to pull the logs from CheckPoint firewall, i did the following configuration changes: lea_server auth_port 18184 lea_server auth_type ssl_opsec on file $FWDIR/conf/fwopsec.conf. Now when i scan the server for open ports the port 18184 is not shown as the a open port. How is it that i pull the checkpoint firewall logs. Thanks. – ashokadhikari May 26 '12 at 17:54
  • i forgot to mention that after changing the fwopsec.conf file, i did a cpstop and a cpstart as well. – ashokadhikari May 26 '12 at 17:55
  • I'm afraid I cannot help you any further as I have no kniwledge about OPSEC. Have you tried to talk to Check Point customer service? – n. m. could be an AI May 26 '12 at 18:11
  • Ok, I ll talk to CheckPoint customer service. Thanks a lot for your help :) – ashokadhikari May 27 '12 at 00:41

1 Answers1

2

If you are facing any problems in locating object.c, object_5_o.c, and the rulebases file then you can try another command that has to be run in expert mode: 

cd /opt/CPsuite-R65/fw1/conf

and then type 

ls -l

then you will be able to locate all these files, I too had this problem earlier in firewall installed on virtual box.

jonsca
  • 10,218
  • 26
  • 54
  • 62
rahul
  • 21
  • 2