https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14314#M354 <HTML><HEAD></HEAD><BODY><P>That should be possible by checking the LDAP server IP and the VPN community settings. All traffic to the remote site on SMBs goes thru the VPN tunnel, in WebGUI we only can exclude admin access traffic to the gateway by the <EM>Advanced Setting &gt; VPN Site to Site global settings - Override 'Route all traffic to remote VPN site' configuration&nbsp;for admin access to the device</EM>. Or, you can use a special configuration file, see <A href="https://community.checkpoint.com/docs/DOC-2834">Locally managed SMBs vpn_table.def file</A>.</P><P></P><P>Strange is that you are using this 1470 like a 770 - using central management would make it easy to exclude services from VPN, also enable the second processor core and even give you logs with names <IMG src="https://community.checkpoint.com/legacyfs/online/checkpoint/emoticons/wink.png" />...</P></BODY></HTML> Thu, 12 Apr 2018 08:38:10 GMT G_W_Albrecht 2018-04-12T08:38:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14309#M349 <HTML><HEAD></HEAD><BODY><P>Hi Checkmates,</P><P></P><P>I would like to ask about the status for this 1470 firewall.</P><P>Regarding the LDAP traffic which is about 40MB.</P><P>Does it mean it is using the site to site traffic or some internet connection got ldap protocol?</P><P><IMG alt="" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/64521_LDAP.jpeg" style="width: 620px; height: 240px;" /></P><P></P><P>Thank you.</P></BODY></HTML> Wed, 11 Apr 2018 04:56:27 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14309#M349 Aznaz_Reflectio 2018-04-11T04:56:27Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14310#M350 <HTML><HEAD></HEAD><BODY><P>Hi Aznaz,</P><P></P><P>see&nbsp;<A href="https://community.checkpoint.com/docs/DOC-2740">Ports Used for Communication by Various Check Point Modules (new version)</A>.</P><P></P><P>Regards</P><P>Heiko</P></BODY></HTML> Wed, 11 Apr 2018 05:27:31 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14310#M350 HeikoAnkenbrand 2018-04-11T05:27:31Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14311#M351 <HTML><HEAD></HEAD><BODY><P>Hello Aznaz,</P><P></P><P>I believe this graphic shows statistics for all the traffic, not only from the internet, so this&nbsp;could be ldap from the site-to-site traffic.</P></BODY></HTML> Wed, 11 Apr 2018 14:27:23 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14311#M351 Pedro_Espindola 2018-04-11T14:27:23Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14312#M352 <HTML><HEAD></HEAD><BODY><P>Thanks for the information sharing..</P></BODY></HTML> Thu, 12 Apr 2018 02:43:26 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14312#M352 Aznaz_Reflectio 2018-04-12T02:43:26Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14313#M353 <HTML><HEAD></HEAD><BODY><P>is there any way for me to verify this.?</P></BODY></HTML> Thu, 12 Apr 2018 02:44:16 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14313#M353 Aznaz_Reflectio 2018-04-12T02:44:16Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14314#M354 <HTML><HEAD></HEAD><BODY><P>That should be possible by checking the LDAP server IP and the VPN community settings. All traffic to the remote site on SMBs goes thru the VPN tunnel, in WebGUI we only can exclude admin access traffic to the gateway by the <EM>Advanced Setting &gt; VPN Site to Site global settings - Override 'Route all traffic to remote VPN site' configuration&nbsp;for admin access to the device</EM>. Or, you can use a special configuration file, see <A href="https://community.checkpoint.com/docs/DOC-2834">Locally managed SMBs vpn_table.def file</A>.</P><P></P><P>Strange is that you are using this 1470 like a 770 - using central management would make it easy to exclude services from VPN, also enable the second processor core and even give you logs with names <IMG src="https://community.checkpoint.com/legacyfs/online/checkpoint/emoticons/wink.png" />...</P></BODY></HTML> Thu, 12 Apr 2018 08:38:10 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14314#M354 G_W_Albrecht 2018-04-12T08:38:10Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14315#M355 <HTML><HEAD></HEAD><BODY><P>Do you have accept logs enabled? Hosts using LDAP service usually make connections&nbsp;every few minutes. So checking the logs with the filter "service:ldap" should show you where the traffic is going.</P><P></P><P>If you see ldap traffic going both to the internet and to VPN sites, then you will not be able to check how much of the 40MB went to each destination. This would only be possible on a central management with SmartEvent.</P></BODY></HTML> Thu, 12 Apr 2018 13:43:26 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/Which-traffic-does-LDAP-use/m-p/14315#M355 Pedro_Espindola 2018-04-12T13:43:26Z