Log cleaning rule

One of the things that all firewall administrators should do is create a log cleaning rule. As an example, a firewall connected to a Windows network will receive a lot of network broadcasts. Those broadcasts will be dropped and logged by default by the clean-up rule. In the long run, this results in a loss of disk space.

To remove those broadcasts from the log file and save disk space, you should create a rule without logging at the beginning of the rulebase:

The BROADCAST_GROUP should include all the broadcast addresses from all your gateways:

If you have multiple gateways, this task can take a very long time.

I've created a script to help you automate this task.

The script gets all the Check Point gateway names and IPs, connects to each of them, issues an ifconfig command, and then creates a CSV template for the broadcast object creation:

 

1-      Get gateway names and IPs from the management API and create a CSV file

2-      Connect to each gateway from that CSV and issue ifconfig to get all the broadcast addresses

3-      Create a CSV template with all the discovered broadcast addresses

4-      Create and import all broadcast objects into a group named BROADCAST_GROUP (API call)

You will automatically get all the broadcast addresses from all your gateways into the group named BROADCAST_GROUP.

 

You can run the script either from SmartConsole or from the SSH command line on the management server itself.

 

Happy Scripting 
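The four steps above, as an added example and not the original poster's script. It is a bash script of the kind that runs on the management server: it parses ifconfig output into broadcast addresses (both the net-tools layout Gaia prints and the newer "broadcast x.x.x.x" layout), de-duplicates them, writes the CSV template for mgmt_cli's batch host import, and wraps the SSH collection and mgmt_cli import in functions. Assumptions not in the original post: host objects are named bcast_<address>, the SSH user admin has key-based access and a bash shell, the management login uses "mgmt_cli login -r true", and the MGMT_DOMAIN variable is a hypothetical way to pass the MDS domain. The ifconfig sample at the bottom is constructed so the parsing can run offline.

```shell
#!/bin/bash
# Added example (not the original poster's script) of the four steps above:
# gateway list CSV -> ifconfig over SSH -> broadcast addresses -> CSV template
# -> mgmt_cli batch import into BROADCAST_GROUP.
# parse_broadcasts and make_csv run offline on the constructed sample below;
# collect_from_gateways and import_csv need ssh/mgmt_cli on the management server.

GROUP_NAME="BROADCAST_GROUP"

# Extract broadcast addresses from ifconfig output on stdin. Handles the
# net-tools layout Gaia prints ("Bcast:10.1.1.255") and the newer layout
# ("broadcast 10.1.1.255"). Prints each address once, sorted.
parse_broadcasts() {
  sed -n -e 's/.*Bcast:\([0-9.]*\).*/\1/p' \
         -e 's/.*broadcast \([0-9.]*\).*/\1/p' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
    sort -u
}

# Naming convention assumed for the host objects: bcast_<address>.
object_name() {
  printf 'bcast_%s\n' "$1"
}

# Build the CSV template for "mgmt_cli add host --batch <file>": one host per
# broadcast address (stdin), attached to the group through the "groups" column.
make_csv() {
  printf 'name,ip-address,groups\n'
  while IFS= read -r addr; do
    printf '%s,%s,%s\n' "$(object_name "$addr")" "$addr" "$GROUP_NAME"
  done
}

# Step 2: run ifconfig on every gateway listed in a headerless "name,ip" CSV
# and merge the results. Assumes key-based SSH for a user whose shell is bash
# (clish would not accept ifconfig). Unreachable gateways are reported, not fatal.
collect_from_gateways() {
  local gw_csv="$1" name ip
  while IFS=, read -r name ip; do
    [ -z "$ip" ] && continue
    ssh -o BatchMode=yes -o ConnectTimeout=5 "admin@$ip" ifconfig 2>/dev/null ||
      printf 'WARN: could not reach %s (%s)\n' "$name" "$ip" >&2
  done < "$gw_csv" | parse_broadcasts
}

# Step 4: create the group if needed, batch-import the hosts, publish.
# Run as admin on the management server (login -r true needs no password).
# On an MDS, run "mdsenv <domain>" first and export MGMT_DOMAIN=<domain>
# (hypothetical variable, domain name without spaces) so every call carries -d.
import_csv() {
  local csv="$1" dom=""
  [ -n "${MGMT_DOMAIN:-}" ] && dom="-d $MGMT_DOMAIN"
  mgmt_cli login -r true $dom > sid.txt
  mgmt_cli add group name "$GROUP_NAME" $dom -s sid.txt 2>/dev/null || true  # may already exist
  mgmt_cli add host --batch "$csv" $dom -s sid.txt
  mgmt_cli publish $dom -s sid.txt
  mgmt_cli logout $dom -s sid.txt
}

# Constructed sample: trimmed ifconfig output of two gateways (one old-style,
# one new-style) that share the 10.1.1.0/24 segment, so 10.1.1.255 appears
# twice and must be de-duplicated; the loopback has no broadcast address.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:1C:7F:00:00:01
          inet addr:10.1.1.1  Bcast:10.1.1.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:1C:7F:00:00:02
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.1.1.2  netmask 255.255.255.0  broadcast 10.1.1.255
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.5.1  netmask 255.255.255.0  broadcast 172.16.5.255'

# Offline demo: print the CSV template the sample would produce.
printf '%s\n' "$SAMPLE_IFCONFIG" | parse_broadcasts | make_csv
```

For step 1, build the headerless "name,ip" gateway CSV from "mgmt_cli show simple-gateways limit 500 offset 0 --format json -s sid.txt" (assumed invocation); without an explicit limit the command returns only the first 50 gateways, so page with offset if you have more. The imported objects only help once the rule that references BROADCAST_GROUP sits above the clean-up rule with Track set to None, and a gateway that itself serves DHCP still needs its own dhcp-request/dhcp-reply rule above the stealth rule rather than relying on the broadcast rule.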

7 Replies
Admin

Re: Log cleaning rule

Nicolas, this is great!

Thanks for sharing.


Re: Log cleaning rule

This script is really awesome!!! 

I tried it on my MDS and had some problems, but digging a little bit I found the issue.
mdsenv "domain" is mandatory in a multi-domain environment. I added it as the third line and added -d "domain" to all mgmt_cli commands.

Thanks a lot

Employee++

Re: Log cleaning rule

Great job Nicolas!

Just one comment - the show-simple-gateways command will return only the first 50 gateways by default.

Robert.


Re: Log cleaning rule

I added limit 500 to override this.

ED
Silver

Re: Log cleaning rule

Will this rule affect a DHCP server running on Gaia gateways, when a newly connected host sends a dhcp-request to 255.255.255.255?


Re: Log cleaning rule

I would think you could still put a rule in place above the cleanup rule that specifically permits the DHCP required protocols (dhcp-request and dhcp-reply) without permitting all broadcast traffic.

Employee+

Re: Log cleaning rule

The stealth rule will block those requests anyway. If you run the DHCP server on your gateway, you will need to add a rule before the stealth rule.