- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- AWS - Exporting Firewall Logs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AWS - Exporting Firewall Logs
With an on premise management console overseeing the AWS firewalls there is a concern on keeping track of the audit logs. Any recommendations to keep track of them; exporting them locally? Any SK?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please clarify your question.
According to your post, you are already managing the CloudGuard IaaS gateways with conventional, on-premises management server. So you are logging everything to it.
If this is the case, then it does not matter that your VSAs are in AWS, the logs are still local and are subject to the same backup and recovery procedures as before.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That was exactly my assumption but had to ask to confirm things. Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm thinking it will require some configuration and it might be the actual premise of the question. ATRG SK111060 touches on it and thought someone might have some experience setting that up?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry, that's for NSX which is totally different but will play a similar challenge since they also bought NSX. With said, is it that easy for AWS to store the logs on local smartconsole? No configurations etc?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The management interface of the vSEC, or CloudGuard is exposed to the Internet by design and is getting assigned the static public IP as a normal part of the installation process.
In a sense, it is no different from any remotely managed gateway, such as those located in a bank branches.
When Management Server connecting to it initially, SIC takes care of establishing secure communication channel for management and log shipping.
Management server itself though, should be statically NATed on your local gateway to a public IP.
Since it'll be the only management server connected to the gateway, it will automatically be defined as a target for logging.
If you have separate log servers, SmartEvent appliances, etc., situation may be slightly more complex.
Cheers,
Vladimir