cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
Employee+
Employee+

AWS - Exporting Firewall Logs

With an on premise management console overseeing the AWS firewalls there is a concern on keeping track of the audit logs. Any recommendations to keep track of them; exporting them locally? Any SK?

5 Replies
Vladimir
Pearl

Re: AWS - Exporting Firewall Logs

Please clarify your question.

According to your post, you are already managing the CloudGuard IaaS gateways with conventional, on-premises management server. So you are logging everything to it.

If this is the case, then it does not matter that your VSAs are in AWS, the logs are still local and are subject to the same backup and recovery procedures as before.

Employee+
Employee+

Re: AWS - Exporting Firewall Logs

That was exactly my assumption but had to ask to confirm things. Thanks!

0 Kudos
Employee+
Employee+

Re: AWS - Exporting Firewall Logs

I'm thinking it will require some configuration and it might be the actual premise of the question. ATRG SK111060 touches on it and thought someone might have some experience setting that up?

0 Kudos
Employee+
Employee+

Re: AWS - Exporting Firewall Logs

Sorry, that's for NSX which is totally different but will play a similar challenge since they also bought NSX. With said, is it that easy for AWS to store the logs on local smartconsole? No configurations etc?

0 Kudos
Vladimir
Pearl

Re: AWS - Exporting Firewall Logs

The management interface of the vSEC, or CloudGuard is exposed to the Internet by design and is getting assigned the static public IP as a normal part of the installation process.

In a sense, it is no different from any remotely managed gateway, such as those located in a bank branches.

When Management Server connecting to it initially, SIC takes care of establishing secure communication channel for management and log shipping.

Management server itself though, should be statically NATed on your local gateway to a public IP.

Since it'll be the only management server connected to the gateway, it will automatically be defined as a target for logging.

If you have separate log servers, SmartEvent appliances, etc., situation may be slightly more complex.

Cheers,

Vladimir