This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wayne_Situ
Participant
‎2017-10-24 10:36 PM
Jump to solution

Checkpoint firewall logging source interface

On a Cisco router I could specify syslog is sent from one of its interfaces such as loopback.  On a checkpoint firewall could I source syslog from an interface other than what is configured as management that is established with SIC?  If not, how could I source syslog from a different interface?  thank you

0 Kudos
1 Solution

Accepted Solutions
_Daniel_
Contributor
‎2020-06-17 01:57 PM
In response to Ilya_Yusupov
Jump to solution

Hi Guys,

It'll certainly makes out lives bit better in case Check Point introduce a command to set the source interface for syslog

 

Many thanks,

View solution in original post

12 Replies
PhoneBoy
Admin
Admin
‎2017-10-25 05:36 AM
Jump to solution

The IP used is determined by the routing table in the OS, using the egress interface IP as the source IP. 

I suppose you could create a NAT rule to source the relevant traffic from the desired IP.

What's the problem you're trying to solve here?

GabsOliv
Contributor
‎2019-07-01 08:19 AM
In response to PhoneBoy
Jump to solution

Nat Don't work. Any Idea ?

0 Kudos
Mike_A
Advisor
‎2019-07-01 10:17 AM
Jump to solution

Add a host route for your syslog server out the interface you want to source the traffic from off the gateway. 

0 Kudos
motiami
Contributor
‎2019-07-31 05:25 AM
In response to Mike_A
Jump to solution

I have the same issue where the module is sending logs to the management server using it's external IP as a source for the packets but the SIC between the mgmt server and the FW module is build based on the management IP which is a private IP.

The return traffic does not routed over our WAN network but over the internet and this is incorrect.

is there a way to set the source interface of the logs to be the Mgmt0 interface?

0 Kudos
GabsOliv
Contributor
‎2019-08-06 04:30 PM
In response to motiami
Jump to solution

Hi

In my case, solved the issue, creating a dummy object

0 Kudos
motiami
Contributor
‎2019-08-06 08:03 PM
In response to GabsOliv
Jump to solution

Hello and thanks for your reply.

I don't understand your solution, can you please elaborate?

0 Kudos
Moe_89
Contributor
‎2019-08-07 01:36 AM
In response to motiami
Jump to solution

On the gateways did you try setting the MGMT interface: "set management interface <if_name>"
0 Kudos
Ilya_Yusupov
Employee
Employee
‎2019-08-06 10:54 PM
Jump to solution

Hi,

 

You have 2 options:

 

1. Configure Syslog Server behind the interface you want to be the source of syslog messages.

2. You can configure Syslog server behind any interface and you can do Static NAT on a range of the desired interface, it should work.

0 Kudos
motiami
Contributor
‎2019-09-24 04:57 AM
In response to Ilya_Yusupov
Jump to solution

Hi Ilya,

I have configured static NAT so the public IP will be replaced with one of the internal IPs configured on the cluster but still, the packets leave the firewall with the original source IP which is the public.

 

The external interface IP is 192.192.192.254 and the internal interface IP is 10.1.1.254

I have configured a NAT rule that says" original source - 192.192.192.254" to target 192.168.1.1, replace with the source of 10.1.1.254 and the target remains original.

I tried static and hide NAT and the same result - the source is unchanged.

Any thoughts? 

0 Kudos
emreturkmenler
Contributor
‎2020-03-17 09:42 AM
In response to motiami
Jump to solution

Is there any solution for this issue ?
0 Kudos
Ilya_Yusupov
Employee
Employee
‎2020-03-17 12:11 PM
In response to emreturkmenler
Jump to solution

as far as i remember there was no issue but miss configuration.

@motiami  - can you share what was missing as i don't remember 100%.

0 Kudos
_Daniel_
Contributor
‎2020-06-17 01:57 PM
In response to Ilya_Yusupov
Jump to solution

Hi Guys,

It'll certainly makes out lives bit better in case Check Point introduce a command to set the source interface for syslog

 

Many thanks,

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events
    li.common.scroll-to.top