Getting Data In

OPSEC LEA - opsec_putkey fail

gskorski
Explorer

Hi,

I'm trying to configure Splunk with Check Point.
I have an error during the opsec_putkey on the Splunk server:


Without the debug option:

root@splk01:linux22# ./opsec_putkey -ssl -port 18184 10.1.2.14
Please enter secret key:
Please enter secret key again:
 FW: Received new control security key from 10.1.2.14

Failed to initialize authentication with 10.1.2.14

With the debug option:

root@splk01:/linux22#./opsec_putkey -debug -ssl -port 18184 10.1.2.14
Please enter secret key:
Please enter secret key again:
[ 2047]@splk01 PM_policy_create: version 5301.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: () names. finished successfully.
[ 2047]@splk01 PM_policy_create: finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: (local_sic_name) names. finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: (127.0.0.1) names. finished successfully.
[ 2047]@splk01 PM_policy_add_name_to_group: finished successfully.
[ 2047]@splk01 PM_policy_set_local_names: ("OPSECPUTKEY") names. finished successfully.
[ 2047]@splk01 PM_apply_default_dn: finished successfully.
[ 2047]@splk01 setting fwa1 init password for 10.1.2.14 (10.1.2.14)

[ 2047]@splk01 peers addresses are
[ 2047]@splk01 127.0.1.1
[ 2047]@splk01 10.1.1.75
[ 2047]@splk01 sic_client_do_connect: no server sic name supplied, server sic name is unknown.
[ 2047]@splk01 fwasync_conn_params: <a01014b,50948> -> <a01020e,18184>
[ 2047]@splk01 fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[ 2047]@splk01 fwasync_connbuf_realloc: reallocating 0 from 0 to 1028
[ 2047]@splk01 sic_client_set_version: 6: protocol version is 59000000
[ 2047]@splk01 call_handlers_list: no conversion done, set cn=cp_mgmt,o=eminem..vyysgi as sic name
[ 2047]@splk01 PM_session_init: given session O(OPSECPUTKEY;cn=cp_mgmt,o=eminem..vyysgi;18184;ssl_opsec).
[ 2047]@splk01 PM_policy_query: input session O(OPSECPUTKEY;cn=cp_mgmt,o=eminem..vyysgi;18184;ssl_opsec).
[ 2047]@splk01 PM_policy_query: rule found (ANY;ANY;ANY;ssl_opsec;ssl(1/1)).
[ 2047]@splk01 PM_policy_query: finished successfully. 1st method = ssl
[ 2047]@splk01 PM_policy_choose: finished successfully. choose: ssl.
[ 2047]@splk01 peers addresses are
[ 2047]@splk01 10.1.2.14
[ 2047]@splk01 resolver_gethostbyaddr: Performing gethostbyaddr for 10.1.2.14
[ 2047]@splk01 fwa1 peername for 10.1.2.14 is 10.1.2.14
[ 2047]@splk01 ckpSSL_PrepareConnection: verify mode: 1
[ 2047]@splk01 My SSL Ciphers:
[ 2047]@splk01 Cipher List:
[ 2047]@splk01 0: ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1

[ 2047]@splk01 1: ADH-RC4-MD5             SSLv3 Kx=DH       Au=None Enc=RC4(128)  Mac=MD5 

[ 2047]@splk01 ckpSSL_NegotiateStep: current state = before/connect initialization
[ 2047]@splk01 is_initialized: new process or forked
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 fwrand_write_seed: Failed to read seed
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 fwrand_write_seed: Failed to write seed: Operation not permitted
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 CkpRegDir: Environment variable CPDIR is not set.
[ 2047]@splk01 GenerateGlobalEntry: Unable to get registry path
[ 2047]@splk01 ckpSSL_fwasync_connected: no connections err -3
[ 2047]@splk01 ckpSSL_fwasync_close: start shutdown
[ 2047]@splk01 ckpSSL_ShutdownHandler: (0) SSLv2/v3 read server hello A
[ 2047]@splk01 ckpSSL_Destroy: close fd 6

Failed to initialize authentication with 10.1.2.14

[ 2047]@splk01 T_event_mainloop_e: T_event_mainloop_iter returns 0

araitz
Splunk Employee

Can you try the most recent version of the app (2.0.0)? It uses sslca rather than putkey.


pnielsentrace3
Engager

If this works the same way the put keys worked with Nortel products many years ago, you have to reset the key on the firewall side too.

gskorski
Explorer

No, I haven't retried yet.


Jennn
New Member

I have the same problem. Did you ever figure out how to fix this?
