This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ed_Gonzalez
Employee
Employee
‎2018-09-11 04:12 PM

AWS - Exporting Firewall Logs

With an on premise management console overseeing the AWS firewalls there is a concern on keeping track of the audit logs. Any recommendations to keep track of them; exporting them locally? Any SK?

5 Replies
Vladimir
Champion
Champion
‎2018-09-11 04:17 PM

Please clarify your question.

According to your post, you are already managing the CloudGuard IaaS gateways with conventional, on-premises management server. So you are logging everything to it.

If this is the case, then it does not matter that your VSAs are in AWS, the logs are still local and are subject to the same backup and recovery procedures as before.

Ed_Gonzalez
Employee
Employee
‎2018-09-11 06:01 PM
In response to Vladimir

That was exactly my assumption but had to ask to confirm things. Thanks!

0 Kudos
Ed_Gonzalez
Employee
Employee
‎2018-09-11 06:32 PM
In response to Ed_Gonzalez

I'm thinking it will require some configuration and it might be the actual premise of the question. ATRG SK111060 touches on it and thought someone might have some experience setting that up?

0 Kudos
Ed_Gonzalez
Employee
Employee
‎2018-09-11 07:07 PM
In response to Ed_Gonzalez

Sorry, that's for NSX which is totally different but will play a similar challenge since they also bought NSX. With said, is it that easy for AWS to store the logs on local smartconsole? No configurations etc?

0 Kudos
Vladimir
Champion
Champion
‎2018-09-11 08:40 PM
In response to Ed_Gonzalez

The management interface of the vSEC, or CloudGuard is exposed to the Internet by design and is getting assigned the static public IP as a normal part of the installation process.

In a sense, it is no different from any remotely managed gateway, such as those located in a bank branches.

When Management Server connecting to it initially, SIC takes care of establishing secure communication channel for management and log shipping.

Management server itself though, should be statically NATed on your local gateway to a public IP.

Since it'll be the only management server connected to the gateway, it will automatically be defined as a target for logging.

If you have separate log servers, SmartEvent appliances, etc., situation may be slightly more complex.

Cheers,

Vladimir

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events