Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

checkpoint Firewall audit for configuration change

Jump to solution

Hi ,
How to do audit for Firewall configuration changes done through cli or GUI .
Suppose if any firewall engineer perform changes I would to like know who logged in to firewall and what changes has been done .


Regards,
Vaibhav

0 Kudos
1 Solution

Accepted Solutions

Hi, 

 

You have to enable Audit logs on WebUI to send management server, please check the attached snip. 

You can check Audit logs in SmartConsole --> Logs & Monitor --> New Tab -->Click on Audit Logs. 

 

 

 

View solution in original post

8 Replies
Highlighted
Employee++
Employee++

 

This would be your first port of call: Logs & Monitor > New Tab > Audit...

audit.png

GUI being SmartDashboard vs Web UI?

Highlighted
This log is just for changes made in the SmartConsole, nothing done on GAIA will be recorded here.
Normally commands in clish are recorded in the messages file, I don't know about the WebUI.
When you use a TacAcs server though this will record the actions done per user per system, sorry I do not know to what level.
Regards, Maarten
Highlighted

Hi Maarten ,

Thanks for the response .

Correct ,from smart console we can see only firewall rules changes , admin operation in smart console .

I am more interested to find out changes done on GAIA from CLI or WEBGUI .

Regards,

Vaibhav

 

0 Kudos
Highlighted
Admin
Admin

By default, OS audit logs are sent to /var/log/messages

You can also redirect Gaia logging to another file, as described here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

0 Kudos
Highlighted
Thanks very much !!
0 Kudos

Hi, 

 

You have to enable Audit logs on WebUI to send management server, please check the attached snip. 

You can check Audit logs in SmartConsole --> Logs & Monitor --> New Tab -->Click on Audit Logs. 

 

 

 

View solution in original post

Highlighted
Thanks Yatiraj , I will try this now
0 Kudos
Highlighted

Hi ,

I have enabled Audit logs on WebUI and its working as expected . Thanks very much !!

 

0 Kudos