- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Re: AWS Management Server and separate Logging Ser...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
AWS Management Server and separate Logging Server
Does AWS support having a separate Management Server and a separate Logging Server? I see that the CFT template only supports R80.10 at the moment, so does that mean that R80.20 is not supported at the moment for having two separate servers, one as the management server and one as the logging server?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is it generally supported? Yes.
It's possible the CloudFormation templates have not been updated for R80.20 yet, but I would think you can just change the AMI ID in the json to the R80.20 AMI and it should work fine.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you Dameon, I will try out your recommendation by changing the AMI ID in the json template to be the R80.20 image.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Dameon,
For the dedicated logging server, I deployed an EC2 instance of the Check Point R80.20 Management server through the AWS marketplace instead of building it out via a CFT since I needed the option to deploy the Management server by defining the Security Management as: "Log Server/SmartEvent only"
Once the dedicated logging server was deployed, I attempted to establish the SIC trust but it kept failing, even when I reset the SIC. I found that the logging server's default Security group was not allowing the SIC trust to be established:
After I changed the Security Group to match the Primary Management Server, the SIC trust was established:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Funny enough, I ran into a similar issue a few weeks back with regular Security Management.
Hopefully this gets corrected in the near future.