This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Martijn
Advisor
Advisor
‎2019-03-18 01:52 AM

Default track option set to 'Log' for a new rule

Hi all,

 

Is it possible to set the Track option for every new rule to 'Log' instead of 'None'?

We have a customer that would like to have this option because he logs every rule.

 

Regards,

Martijn.

12 Replies
Jerry
Mentor
Mentor
‎2019-03-18 02:10 AM

Martijn

when new rule is made by default "none" is applied but changing it manually to LOG isn't a big deal isn't it? When you script (API) new rule(s) creation then obviously you can set automatically to have new rules with "LOG" by default (see API on ATRG - search community or SK DB!) other than than I think "MANUAL" new rule creation will always be (IMHO) with NONE. As far as I know this has been always (since 20-25y) the case if I'm not mistaken ...
Jerry
Martijn
Advisor
Advisor
‎2019-03-18 03:32 AM
In response to Jerry

Hi,

 

It is not up to me to decide for the customer it is not a big deal changing the Track option.

 

The security policy (written and technical) is very strict for this customer. Every action on the network and systems must be logged. So to make is fool-proof, it would be nice if the default Track action was set to 'Log'.

 

I will tell the customer API is a way to do it, but from SmartConsole it is not yet an option.

 

Martijn.

Danny
MVP Platinum
MVP Platinum
‎2019-03-18 03:45 AM
In response to Martijn

It is. Just enable it within Reporting Tools of your Global Properties.

Martijn
Advisor
Advisor
‎2019-03-18 06:49 AM
In response to Danny

Hi,

 

I have tried this, but I cannot select my log server (which is the SmartCenter).

Only unused log servers are available. Not sure what that means.

 

I am missing something?

 

Regards,

Martijn

0 Kudos
PhoneBoy
Admin
Admin
‎2019-03-18 11:28 AM
In response to Martijn

Might be worth a TAC case to ask.
0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2019-03-18 12:46 PM
In response to Martijn

You need another logserver then your actual one. If you look at Dannie’s screenshot you‘ll see the small enhancement.

“you have to choose another logserver then the actual one“. Meaning you need more then one logserver to get this working.

if you have only the one on your smartcenter you need a second one.

0 Kudos
Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2019-03-18 01:17 PM
In response to Danny

There is a dirty trick that may make this work.

Create a dummy log server object with the IP of the SmartCenter.

Totaly untested ....... but worth a shot.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Martijn
Advisor
Advisor
‎2019-03-27 07:11 AM
In response to Hugo_vd_Kooij

Did try this, but doe not work.

In my SmartCenter I get the log "Stopped Logging" one I ad a new object with the same IP as the SmartCenter an push a policy.

0 Kudos
Itall
Contributor
‎2023-05-24 05:36 AM
In response to Jerry

It is a very big deal if you have day where are too many changes on firewall. Default logging behavior should be optional as is setting the default source/destination behavior. With API this easy, but not all companyes working with API.

0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2019-03-18 12:59 PM

We had a customer with similar requirements and some more pre defined values.

we created some rules with pre filled settings, like log, install target, description and part of the name. This rule is disabled and placed as first rule in different sections of the rulebase. 

Now you can copy and paste this rule and start a new rule with predefined values. It‘s simple, not the best solution but very helpful.

Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2019-03-18 01:16 PM
In response to Wolfgang

Interresting workaround.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
JozkoMrkvicka
Authority
Authority
‎2019-03-18 01:46 PM
In response to Hugo_vd_Kooij

Another dirty workaround:

Check via API all rules which doesnt have logging set, change it and push the firewall.

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events