Wayne_Situ
Participant

Checkpoint firewall logging source interface

On a Cisco router I could specify that syslog is sent from one of its interfaces, such as a loopback. On a Check Point firewall, could I source syslog from an interface other than the one configured as management, which is established with SIC? If not, how could I source syslog from a different interface? Thank you.

Accepted Solutions
_Daniel_
Contributor

Hi Guys,

It would certainly make our lives a bit better if Check Point introduced a command to set the source interface for syslog.

Many thanks,

12 Replies
PhoneBoy
Admin

The IP used is determined by the routing table in the OS, using the egress interface IP as the source IP. 

I suppose you could create a NAT rule to source the relevant traffic from the desired IP.

What's the problem you're trying to solve here?
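The reply above states the rule that governs the source address: the OS routing table picks the egress interface, and that interface's IP becomes the source. The following Python script is an added example (not code from the thread or from Check Point) that makes this visible on any Linux host: it asks the kernel which source address it would use for a destination, sends a constructed syslog datagram with and without an explicitly bound source address, and shows what a receiver sees. The sample message, the hypothetical host name `gw01` and the loopback-only exchange are all constructed for the demonstration.

```python
import socket
from typing import Optional, Tuple

# Constructed sample syslog line (RFC 3164 style); not taken from the thread.
# PRI 134 = facility local0 (16*8) + severity informational (6).
SAMPLE_MSG = "<134>gw01 fw: example syslog line for source-address demo"


def source_ip_for(dest_ip: str, dest_port: int = 514) -> str:
    """Return the source address the OS routing table would pick for dest_ip.

    connect() on a UDP socket transmits nothing; it only resolves the route,
    after which getsockname() reports the egress interface address.  This is
    the behaviour described above: no config knob, just the routing table.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, dest_port))
        return s.getsockname()[0]


def send_syslog(msg: str, dest_ip: str, dest_port: int = 514,
                source_ip: Optional[str] = None) -> str:
    """Send one UDP syslog datagram and return the source IP that was used.

    source_ip=None  -> the kernel chooses (routing-table rule).
    source_ip="..." -> the socket is bound first; this is what a host-level
                       'source interface' setting does under the hood.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if source_ip is not None:
            s.bind((source_ip, 0))          # pin the source address, ephemeral port
        s.connect((dest_ip, dest_port))     # fixes the route (and the source if unbound)
        s.send(msg.encode("utf-8"))
        return s.getsockname()[0]


def loopback_exchange(source_ip: Optional[str] = None) -> Tuple[str, str]:
    """Run a sender and a receiver on loopback; return (seen source IP, payload).

    Port 0 lets the OS allocate a free port, so no privileges are needed.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.settimeout(2.0)
        port = listener.getsockname()[1]
        send_syslog(SAMPLE_MSG, "127.0.0.1", port, source_ip)
        data, addr = listener.recvfrom(2048)
        return addr[0], data.decode("utf-8")


if __name__ == "__main__":
    print("route-selected source for 127.0.0.1:", source_ip_for("127.0.0.1"))
    print("receiver saw:", loopback_exchange())
    print("receiver saw (explicit bind):", loopback_exchange("127.0.0.1"))
```

Run it against a real collector address instead of loopback to see which interface the routing table selects before touching any NAT or route configuration. Note that binding the socket pins only the outbound source address; the path the collector uses to reply is decided by the collector's own routing, which is the asymmetric return-traffic situation raised later in this thread.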

GabsOliv
Contributor

NAT doesn't work. Any idea?

Mike_A
Advisor

Add a host route for your syslog server out the interface you want to source the traffic from off the gateway. 

motiami
Contributor

I have the same issue where the module is sending logs to the management server using its external IP as the source for the packets, but the SIC between the mgmt server and the FW module is built based on the management IP, which is a private IP.

The return traffic is not routed over our WAN network but over the internet, and this is incorrect.

Is there a way to set the source interface of the logs to be the Mgmt0 interface?

GabsOliv
Contributor

Hi

In my case, I solved the issue by creating a dummy object.

motiami
Contributor

Hello and thanks for your reply.

I don't understand your solution, can you please elaborate?

Moe_89
Contributor
On the gateways did you try setting the MGMT interface: "set management interface <if_name>"
Ilya_Yusupov
Employee

Hi,

You have 2 options:

1. Configure the Syslog Server behind the interface you want to be the source of syslog messages.

2. You can configure the Syslog server behind any interface and do Static NAT on a range of the desired interface; it should work.

motiami
Contributor

Hi Ilya,

I have configured static NAT so the public IP will be replaced with one of the internal IPs configured on the cluster, but still the packets leave the firewall with the original source IP, which is the public one.

The external interface IP is 192.192.192.254 and the internal interface IP is 10.1.1.254.

I have configured a NAT rule that says "original source 192.192.192.254, to target 192.168.1.1; replace with source 10.1.1.254 and the target remains original".

I tried static and hide NAT, with the same result: the source is unchanged.

Any thoughts?

emreturkmenler
Contributor
Is there any solution for this issue?
Ilya_Yusupov
Employee
Employee

As far as I remember there was no issue, but a misconfiguration.

@motiami - can you share what was missing, as I don't remember 100%.

