https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26204#M3414 <HTML><HEAD></HEAD><BODY><P>I'm thinking it will require some configuration and it might be the actual premise of the question. ATRG SK111060 touches on it and thought someone might have some experience setting that up?</P></BODY></HTML> Wed, 12 Sep 2018 01:32:23 GMT Ed_Gonzalez 2018-09-12T01:32:23Z https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26201#M3411 <HTML><HEAD></HEAD><BODY><P>With an on premise management console overseeing the AWS firewalls there is a concern on keeping track of the audit logs. Any recommendations to keep track of them; exporting them locally? Any SK?</P></BODY></HTML> Tue, 11 Sep 2018 23:12:12 GMT https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26201#M3411 Ed_Gonzalez 2018-09-11T23:12:12Z https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26202#M3412 <HTML><HEAD></HEAD><BODY><P>Please clarify your question.</P><P>According to your post, you are already managing the CloudGuard IaaS gateways with conventional, on-premises management server. So you are logging everything to it.</P><P>If this is the case, then it does not matter that your VSAs are in AWS, the logs are still local and are subject to the same backup and recovery procedures as before.</P></BODY></HTML> Tue, 11 Sep 2018 23:17:24 GMT https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26202#M3412 Vladimir 2018-09-11T23:17:24Z https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26203#M3413 <HTML><HEAD></HEAD><BODY><P>That was exactly my&nbsp;assumption but had to ask to confirm things. Thanks!</P></BODY></HTML> Wed, 12 Sep 2018 01:01:42 GMT https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26203#M3413 Ed_Gonzalez 2018-09-12T01:01:42Z https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26204#M3414 <HTML><HEAD></HEAD><BODY><P>I'm thinking it will require some configuration and it might be the actual premise of the question. ATRG SK111060 touches on it and thought someone might have some experience setting that up?</P></BODY></HTML> Wed, 12 Sep 2018 01:32:23 GMT https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26204#M3414 Ed_Gonzalez 2018-09-12T01:32:23Z https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26205#M3415 <HTML><HEAD></HEAD><BODY><P>Sorry, that's for NSX which is totally different but will play a similar challenge since they also bought NSX. With said, is it that easy for AWS to store the logs on local smartconsole? No configurations etc?</P></BODY></HTML> Wed, 12 Sep 2018 02:07:47 GMT https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26205#M3415 Ed_Gonzalez 2018-09-12T02:07:47Z https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26206#M3416 <HTML><HEAD></HEAD><BODY><P>The management interface of the vSEC, or CloudGuard is exposed to the Internet by design and is getting assigned the static public IP as a normal part of the installation process.</P><P>In a sense, it is no different from any remotely managed gateway, such as those located in a bank branches.</P><P>When Management Server connecting to it initially, SIC takes care of establishing secure communication channel for management and log shipping.</P><P>Management server itself though, should be statically NATed on your local gateway to a public IP.</P><P></P><P>Since it'll be the only management server connected to the gateway, it will automatically be defined as a target for logging.</P><P>If you have separate log servers, SmartEvent appliances, etc., situation may be slightly more complex.</P><P></P><P>Cheers,</P><P>Vladimir</P></BODY></HTML> Wed, 12 Sep 2018 03:40:02 GMT https://community.checkpoint.com/t5/Cloud-Firewall/AWS-Exporting-Firewall-Logs/m-p/26206#M3416 Vladimir 2018-09-12T03:40:02Z