- Products
- Learn
- Local User Groups
- Partners
- More
Check Point Jump-Start Online Training
Now Available on CheckMates for Beginners!
Welcome to Maestro Masters!
Talk to Masters, Engage with Masters, Be a Maestro Master!
ZTNA Buyer’s Guide
Zero Trust essentials for your most valuable assets
The SMB Cyber Master
Boost your knowledge on Quantum Spark SMB gateways!
Check Point's Cyber Park is Now Open
Let the Games Begin!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
CheckFlix!
All Videos In One Space
We have many of these events, and which i would want to get rid of.
Of course i can add an exception in IPS for this, but i would like to know if i can solve it first.
Also, how is this possible?
So our devices do send syslog over UDP 514, still the IPS events are triggered.
UDP/514 is the correct destination port for syslog traffic, but if I recall correctly the source port is supposed to be 514 as well and it is 57460 in your case which is causing the traffic be flagged by IPS. Changing the source port to 514 on the sending system should resolve this.
If that is not feasible, there doesn't seem to be a way to add acceptable custom source ports to IPS for that syslog signature that I can see, so your best course of action here is probably an exception against this specific IPS signature for the sending server.
UDP/514 is the correct destination port for syslog traffic, but if I recall correctly the source port is supposed to be 514 as well and it is 57460 in your case which is causing the traffic be flagged by IPS. Changing the source port to 514 on the sending system should resolve this.
If that is not feasible, there doesn't seem to be a way to add acceptable custom source ports to IPS for that syslog signature that I can see, so your best course of action here is probably an exception against this specific IPS signature for the sending server.
Hi Timothy,
I was under the impression that only the destination port had to match.
Thanks for your insight and info.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY