This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Arturxr
Contributor
‎2025-12-09 11:36 PM

ISP Crash Analysis

Hello, is there a mechanism for analyzing provider outages? We had a provider switch, but we can't find a way to track it for incident investigation. The logs show that the NAT changed and that's all.

0 Kudos
11 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-12-09 11:42 PM

Of the below which technology are you leveraging in this context?

  • Dynamic Routing
  • ISP Redundancy
  • SD-WAN
  • Other?

CCSM R77/R80/ELITE
0 Kudos
Arturxr
Contributor
‎2025-12-09 11:43 PM
In response to Chris_Atkinson

  • ISP Redundancy
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-12-09 11:53 PM
In response to Arturxr

You could try the track/alert option as explained here if not already... 

https://community.checkpoint.com/t5/Security-Gateways/ISP-Redundancy-Tracking/td-p/99891 

Otherwise the debug option perhaps:

https://community.checkpoint.com/t5/Security-Gateways/ISP-redundancy-link-health-status/td-p/204914 

SNMP may also be helpful per:
https://community.checkpoint.com/t5/Security-Gateways/ISP-Redundancy-SNMP-OID-for-monitoring-backup-... 

CCSM R77/R80/ELITE
0 Kudos
Arturxr
Contributor
‎2025-12-10 12:20 AM
In response to Chris_Atkinson

If I understand correctly, we don't have any of this configured and we won't be able to view any logs of the incident that occurred?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-12-10 02:10 AM
In response to Arturxr

You can also review the contents of /var/log/messages or /var/log/messages.n to see if there a clues recorded there in lieu of the above.

CCSM R77/R80/ELITE
0 Kudos
Arturxr
Contributor
‎2025-12-10 12:39 AM
In response to Chris_Atkinson

And another question, if I set the Logs parameter in the ISP Redundancy settings, where will these logs be displayed?

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-12-10 06:17 PM
In response to Arturxr

SmartView/SmartConsole

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-12-10 06:39 PM
In response to Arturxr

You can also search by blade in the logs, though not sure if isp redundancy would be there, as its not technically a blade. 

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-12-16 04:08 PM
In response to Arturxr

Hey mate,

Any luck with this?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Arturxr
Contributor
‎2025-12-16 10:11 PM
In response to the_rock


We haven't been able to figure out why the ISP switches are happening yet. We set the "LOG" parameter in the ISP settings.

In "Audit Logs" in Smart Console, we discovered that we can track the switches by entering the ISP's network gateway address in the search bar. This will show us which default gateway was assigned to the FW and when.

But as far as I understand, this option was available even before the "LOG" parameter was set in the ISP settings, but we couldn't find where the logs are stored that we can view after setting this parameter.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-12-17 04:21 AM
In response to Arturxr

Did you open TAC case for it yet?

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events