Checkpoint firewall logging source interface

On a Cisco router I could specify that syslog is sent from one of its interfaces, such as a loopback. On a Check Point firewall, could I source syslog from an interface other than the one configured as management, which is established with SIC? If not, how could I source syslog from a different interface? Thank you.

0 Kudos
9 Replies
Admin
Admin

Re: Checkpoint firewall logging source interface

The IP used is determined by the routing table in the OS, using the egress interface IP as the source IP. 

I suppose you could create a NAT rule to source the relevant traffic from the desired IP.

What's the problem you're trying to solve here?

0 Kudos
GabsOliv
Nickel

Re: Checkpoint firewall logging source interface

NAT doesn't work. Any idea?

0 Kudos
Mike_A
Copper

Re: Checkpoint firewall logging source interface

Add a host route for your syslog server out the interface you want to source the traffic from off the gateway. 

0 Kudos
motiami
Ivory

Re: Checkpoint firewall logging source interface

I have the same issue where the module is sending logs to the management server using its external IP as the source for the packets, but the SIC between the mgmt server and the FW module is built based on the management IP, which is a private IP.

The return traffic is not routed over our WAN network but over the internet, and this is incorrect.

Is there a way to set the source interface of the logs to be the Mgmt0 interface?

0 Kudos
GabsOliv
Nickel

Re: Checkpoint firewall logging source interface

Hi

In my case, I solved the issue by creating a dummy object.

0 Kudos
motiami
Ivory

Re: Checkpoint firewall logging source interface

Hello and thanks for your reply.

I don't understand your solution, can you please elaborate?

0 Kudos
Moe_89
Nickel

Re: Checkpoint firewall logging source interface

On the gateways, did you try setting the MGMT interface: "set management interface <if_name>"

0 Kudos
Employee+
Employee+

Re: Checkpoint firewall logging source interface

Hi,

You have 2 options:

1. Configure the Syslog Server behind the interface you want to be the source of syslog messages.

2. You can configure the Syslog server behind any interface and do Static NAT on a range of the desired interface; it should work.

0 Kudos
motiami
Ivory

Re: Checkpoint firewall logging source interface

Hi Ilya,

I have configured static NAT so the public IP will be replaced with one of the internal IPs configured on the cluster, but still the packets leave the firewall with the original source IP, which is the public one.

The external interface IP is 192.192.192.254 and the internal interface IP is 10.1.1.254.

I have configured a NAT rule that says "original source - 192.192.192.254" to target 192.168.1.1, replace with the source of 10.1.1.254, and the target remains original.

I tried static and hide NAT with the same result - the source is unchanged.

Any thoughts?

0 Kudos
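The thread's two key points (the source IP of locally generated syslog follows the routing table's egress interface, and a host route for the log server changes that) can be checked on paper before touching the gateway. The following is an added example, not Check Point code or anything from the posters: a longest-prefix-match lookup over a constructed route table using the addresses from the last post (external 192.192.192.254, internal 10.1.1.254, log target 192.168.1.1); the interface names eth0/eth1 and the internal next hop 10.1.1.1 are assumptions.

```python
import ipaddress

# Constructed route table, modelled on the thread's addresses (not a real
# gateway's table). Tuple: (prefix, next hop or None if connected,
# egress interface, that interface's IP).
BASE_ROUTES = [
    ("0.0.0.0/0",        "192.192.192.1", "eth0", "192.192.192.254"),
    ("192.192.192.0/24", None,            "eth0", "192.192.192.254"),
    ("10.1.1.0/24",      None,            "eth1", "10.1.1.254"),
]


def source_ip_for(routes, dst):
    """Longest-prefix match: the OS picks the most specific route to dst and
    uses the egress interface's address as the source of locally generated
    traffic (syslog, log forwarding to the management server).
    Returns (egress_interface, source_ip)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, ifname, ifaddr in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, ifname, ifaddr)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[2], best[3]


def with_host_route(routes, dst, next_hop, ifname, ifaddr):
    """The fix suggested in the thread: add a /32 for the log server via the
    interface whose address should appear as the source. The /32 always wins
    the longest-prefix match against the default route."""
    return routes + [(f"{dst}/32", next_hop, ifname, ifaddr)]


if __name__ == "__main__":
    syslog_server = "192.168.1.1"
    print("before host route:", source_ip_for(BASE_ROUTES, syslog_server))
    fixed = with_host_route(BASE_ROUTES, syslog_server,
                            "10.1.1.1", "eth1", "10.1.1.254")
    print("after host route: ", source_ip_for(fixed, syslog_server))
```

On the real gateway, compare the result against the interface the SIC trust was established on, since the management server will only accept logs arriving from the expected address.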