This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Sandgirl
Contributor
‎2024-05-09 08:29 AM
Jump to solution

Sending checkpoint logs over the VPN to the log server

Hi,

We have a following setup:

Two Checkpoint clusters - one in Azure, one on premises. They are connected via the VPN. 

We have built a log server in Azure, and would like to send the logs from the on premises boxes to this log server. 

However, the logs are not arriving on the log server, they aren't even arriving on the Checkpoints in Azure - they seem to be blocked by the implicit rule. 

We don't have a management server, we use Smart Cloud. 

We edited the masters file to point the on premises logs to the internal IP of the log server, rather than the Smart Cloud IP, however the logs still seem to be send out to the log server's Smart Cloud IP (according to the logs in Smart Console). 

Is there any way to make it work? I found a way to override the implicit rule, but this is only applicable to the SMS server, which we don't have. 

Regards,
Sandgirl

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2024-05-09 08:53 AM
Jump to solution

Smart-1 Cloud-managed gateways can only send logs to Infinity Portal.
This is by design.

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
‎2024-05-09 08:53 AM
Jump to solution

Smart-1 Cloud-managed gateways can only send logs to Infinity Portal.
This is by design.

the_rock
Legend
Legend
‎2024-05-09 03:29 PM
Jump to solution

You can ask TAC for an official answer to this, but I believe what @PhoneBoy said is true. Now, keep in mind one thing, you canNOT ssh to cloud mgmt instance yourself, thats not allowed. You can open API instance, but its limited as far as things you can do. Also, you can restart it yourself ie cpstop;cpstart, but only TAC can do an actual reboot.

Andy

0 Kudos
the_rock
Legend
Legend
‎2024-05-11 05:56 AM
Jump to solution

Hey Sandgirl,

Just out of curiosity, I remembered this post when I spoke with escalation guy about a different case and he confirmed what @PhoneBoy said is indeed the case, so it is by design.

Have a nice weekend.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events