Error message 'The SIC infrastructure was unable to establish the connection' when attempting to establish a Check Point firewall as a NetWitness Platform event source
Issue
Error message "The SIC infrastructure was unable to establish the connection" when attempting to establish a Check Point firewall as a NetWitness Platform event source.
The following error message is present in the /var/log/messages file:
Session exit reason: The SIC infrastructure was unable to establish the connection
Cause
The Check Point firewall certificate was used rather than the certificate from the Check Point Smart Center Server Management station.
Resolution
In order to resolve the issue, follow the steps below.
- In the UI, navigate to ADMIN -> Services.
- Select the Log Collector service and navigate to View -> Config.
- Click on the Event Sources tab and then select Check Point from the drop-down menu.
- Select checkpoint under Event Categories.
- Under Sources, verify that in your Check Point client definition the Server Distinguished string is the DN of the Check Point Management Server and not the DN of the Check Point firewall.
A typical example may be CN=cp_mgmt,O=checkpoint..uicypp
If you are unsure of any of the steps above or experience any issues, contact NetWitness Support and quote this article ID for further assistance.
Notes
See below for an example of a Check Point firewall configuration:
Client Distinguished: CN=LogCollector_OPSEC,O=checkpoint..uicypp
Client Entity Name: LogCollector_OPSEC
Server Distinguished: CN=cp_mgmt,O=checkpoint..uicypp
Internal Comments
UserName: shurtj 6/24/2014 2:51:04 PM - Technically Reviewed
Technically reviewed the article and changed its status to Copy Edited. Changed Goal statement to Symptom and modified it along with the title for clarity. Added Fact Statements. Added formatting to the Fix statement and separated the Note statement. Corrected grammatical and spelling errors.
Product Details
RSA Product Set: NetWitness Platform
RSA Product/Service Type: Log Collector (Check Point collection)
RSA Version/Condition: 10.6.x, 11.x, 12.x
Platform: CentOS, AlmaLinux
O/S Version: EL6, EL7
Approval Reviewer Queue
Technical approval queue