- CheckMates
- :
- Products
- :
- Developers
- :
- API / CLI Discussion
- :
- Re: Log cleaning rule
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Log cleaning rule
One of the things that all firewall administrators should do is to create a log cleaning rule. As an example, a firewall connected to a windows networks will receive a lot of network broadcast. Those broadcast will be drop and log by default on the clean-up rule. In the long run, this results in a lost of disk space.
To remove those broadcast from the log file and save disk space, you should create a rule without log at the beginning of the rulebase:
The BROADCAST_GROUP should include all the broadcast address from all your gateways:
If you have multiple gateways, this task can become very long to do.
I've created a script to help you automate this task.
The script gets all the checkpoint gateway name and IP, connect to all of them and issue an ifconfig command then create a CSV template for the broadcast objects creation:
1- Gets gateway name and IP from the management API and creates a CSV file
2- Connect to each gateway from that CSV and issue ifconfig to get all the Broadcast address
3- Creates a CSV template with all the discovered Broadcast
4- Create and Import all broadcast objects into a group named BROADCAST_GROUP (API call)
You will automatically gets all the broadcast address from all your gateways into the groupe name BROADCAST_GROUP.
You can run the script either from the Smart Console or from SSH command line on the management server itself.
Happy Scripting
For the full list of White Papers, go here.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nicolas, this is great!
Thanks for sharing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This script is really awesome!!!
I tried on my MDS and I had some problems but digging a little bit I found the issue.
mdsenv "domain" is mandatory in a multi domain environment. I added it as third line and added in all mgmt_cli commands -d "domain".
Thanks a lot
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great job Nicolas!
Just one comment - the show-simple-gateways command will return only first 50 gateways by default.
Robert.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I added limit 500 to override this
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Will this rule affect a DHCP server running on Gaia gateways? When a newly connected host sends dchp-request to 255.255.255.255.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would think you could still put a rule in place above the cleanup rule that specifically permits the DHCP required protocols (dhcp-request and dhcp-reply) without permitting all broadcast traffic.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The stealth rule will block those requests anyway. If you run the DHCP server on your gateway, you will need to add rule before the Stealth rule.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
could you show link to script ? may be something happened with my browser , but i not see any link to script.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi dude,
Could you find script?
