https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90291#M79488 <P>hi</P><P>we are in the process of migrating some "legacy" applications from one network topology to a new more robust one.</P><P>To facilitate this migration we would like to enable statefull inspection but only see the log events without actually dropping the nasty traffic. This would faciliate identifying faulty applications.</P><P>Is there a way to do this?</P><P>&nbsp;</P><P>tx</P><P>&nbsp;</P> Wed, 01 Jul 2020 08:51:54 GMT Sebastien_Barbe 2020-07-01T08:51:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90291#M79488 <P>hi</P><P>we are in the process of migrating some "legacy" applications from one network topology to a new more robust one.</P><P>To facilitate this migration we would like to enable statefull inspection but only see the log events without actually dropping the nasty traffic. This would faciliate identifying faulty applications.</P><P>Is there a way to do this?</P><P>&nbsp;</P><P>tx</P><P>&nbsp;</P> Wed, 01 Jul 2020 08:51:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90291#M79488 Sebastien_Barbe 2020-07-01T08:51:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90472#M79489 <P>No, it is not possible to do warning only on out of state connections.</P> <P>Also, mind, disabling stateful is a global feature, and it will affect all managed gateways, unless you set up it as an exception for only some specific SGs, as on this screenshot (Expections / Add / Select Gateways)</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screenshot 2020-07-03 at 12.06.14.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/7091i976AA8595874544F/image-size/large?v=v2&amp;px=999" role="button" title="Screenshot 2020-07-03 at 12.06.14.png" alt="Screenshot 2020-07-03 at 12.06.14.png" /></span></P> Fri, 03 Jul 2020 10:09:31 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90472#M79489 _Val_ 2020-07-03T10:09:31Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90477#M79490 <P>hi&nbsp;</P><P>thanks for the feedback. This is indeed what we did (years ago).</P><P>But we are facing the difficulty to identify those bad applications without "breaking" things.</P><P>tx</P><P>&nbsp;</P> Fri, 03 Jul 2020 10:23:56 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90477#M79490 Sebastien_Barbe 2020-07-03T10:23:56Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90482#M79491 Hi Sebastian, will it help if you configure a specific port on your sg al monitoring port (promiscous mode) and hook that up to an analyer port on outgoing traffic of Vlan.<BR />Attention: as stated this only monitors the traffic, with inspection. So it doesn't pass traffic, just listens.<BR />In Cisco terms (ER) Span configuration.<BR />Hope this helps, Fri, 03 Jul 2020 13:04:44 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/statefull-inspection-logging-warning-without-dropping/m-p/90482#M79491 Johan_van_Somme 2020-07-03T13:04:44Z