- CheckMates
- :
- Products
- :
- CloudMates Products
- :
- Cloud Network Security
- :
- Discussion
- :
- Sending checkpoint logs over the VPN to the log se...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sending checkpoint logs over the VPN to the log server
Hi,
We have a following setup:
Two Checkpoint clusters - one in Azure, one on premises. They are connected via the VPN.
We have built a log server in Azure, and would like to send the logs from the on premises boxes to this log server.
However, the logs are not arriving on the log server, they aren't even arriving on the Checkpoints in Azure - they seem to be blocked by the implicit rule.
We don't have a management server, we use Smart Cloud.
We edited the masters file to point the on premises logs to the internal IP of the log server, rather than the Smart Cloud IP, however the logs still seem to be send out to the log server's Smart Cloud IP (according to the logs in Smart Console).
Is there any way to make it work? I found a way to override the implicit rule, but this is only applicable to the SMS server, which we don't have.
Regards,
Sandgirl
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Smart-1 Cloud-managed gateways can only send logs to Infinity Portal.
This is by design.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Smart-1 Cloud-managed gateways can only send logs to Infinity Portal.
This is by design.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can ask TAC for an official answer to this, but I believe what @PhoneBoy said is true. Now, keep in mind one thing, you canNOT ssh to cloud mgmt instance yourself, thats not allowed. You can open API instance, but its limited as far as things you can do. Also, you can restart it yourself ie cpstop;cpstart, but only TAC can do an actual reboot.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Sandgirl,
Just out of curiosity, I remembered this post when I spoke with escalation guy about a different case and he confirmed what @PhoneBoy said is indeed the case, so it is by design.
Have a nice weekend.
Andy