RemoteUser
Advisor

S1C forwarding LOGS

Hi mates,
I have a question.

Is it possible to forward logs to a SIEM using TCP without SSL/TLS when using Smart-1 Cloud?

According to the documentation, this seems to be supported:
https://sc1.checkpoint.com/documents/Infinity_Portal/WebAdminGuides/EN/Check-Point-SmartCloud-Admin-...

However, when I contacted TAC, they advised that it’s better to use TLS.
I was wondering if anyone has a working TCP (non-SSL) configuration in production.

Also, does the choice of protocol depend on the specific SIEM being used?

Thanks in advance.

11 Replies
Vincent_Bacher
MVP Silver

When I look at the documentation, it clearly states that both SSL-encrypted forwarding and plain forwarding are supported.
The choice of protocol, whether TLS, plain or UDP, depends on what your SIEM supports. TAC's statement is, of course, correct. Encrypted transmission should always be preferred to plain-text transmission, even if plain text is supported and works.

and now to something completely different - CCVS, CCAS, CCTE, CCCS, CCSM elite
RemoteUser
Advisor

100% right Vincent

RemoteUser
Advisor

We only need to set up this configuration with Tufin, and the Tufin team told us that they support UDP on port 514 and TLS.
However, as far as I know, we already tried UDP, and it doesn’t seem to be working.

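Before opening a case about "UDP doesn't seem to be working", it helps to prove which transport the SIEM/Tufin listener actually accepts, independently of Smart-1 Cloud. The script below is an added example (not from the original thread, not Check Point or Tufin code): it builds an RFC 5424 syslog line, sends it either as a bare UDP datagram (the usual "UDP 514" setup) or over TCP with RFC 6587 octet-counting framing (optionally wrapped in TLS), and includes a throwaway local listener so the whole thing can be exercised offline. The hostname `gw-example`, app name `fwlog`, the message text and the loopback ports are constructed for the demo; `tls_context_for()` is a helper I added to show how a verifying TLS context is built for the TCP path.

```python
import socket
import ssl
import threading
from datetime import datetime, timezone


def build_syslog_message(hostname: str, app: str, msg: str, facility: int = 1, severity: int = 6) -> str:
    """Build one RFC 5424 syslog line. PRI = facility * 8 + severity (1/6 -> <14>, user.info)."""
    pri = facility * 8 + severity
    ts = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return f"<{pri}>1 {ts} {hostname} {app} - - - {msg}"


def frame_octet_counting(line: str) -> bytes:
    """RFC 6587 octet-counting framing for syslog over TCP/TLS: b'<len> <msg>'."""
    payload = line.encode("utf-8")
    return f"{len(payload)} ".encode("ascii") + payload


def parse_octet_counting(data: bytes) -> list:
    """Split a TCP byte stream into octet-counted messages; reject malformed or truncated frames."""
    msgs = []
    while data:
        length_str, sep, rest = data.partition(b" ")
        if not sep or not length_str.isdigit():
            raise ValueError("malformed octet-counting frame")
        n = int(length_str)
        if len(rest) < n:
            raise ValueError("truncated frame")
        msgs.append(rest[:n].decode("utf-8"))
        data = rest[n:]
    return msgs


def tls_context_for(cafile: str) -> ssl.SSLContext:
    """Client context that verifies the SIEM certificate against the given CA bundle (assumed path)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def send_udp(host: str, port: int, line: str) -> None:
    """Plain UDP: one datagram, no framing, no delivery guarantee."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))


def send_tcp(host: str, port: int, line: str, tls_context=None, server_hostname=None) -> None:
    """TCP (optionally TLS-wrapped) with octet-counting framing; pass tls_context for the TLS listener."""
    raw = socket.create_connection((host, port), timeout=5)
    sock = tls_context.wrap_socket(raw, server_hostname=server_hostname or host) if tls_context else raw
    try:
        sock.sendall(frame_octet_counting(line))
    finally:
        sock.close()


def _local_listener(kind: str):
    """Throwaway loopback listener for the self-test; returns (port, received_list, thread)."""
    received = []
    if kind == "udp":
        srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        srv.bind(("127.0.0.1", 0))
        srv.settimeout(5)

        def run():
            with srv:
                data, _ = srv.recvfrom(65535)
                received.append(data.decode("utf-8"))
    else:
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        srv.settimeout(5)

        def run():
            with srv:
                conn, _ = srv.accept()
                buf = b""
                with conn:
                    while chunk := conn.recv(4096):
                        buf += chunk
                received.extend(parse_octet_counting(buf))

    return srv.getsockname()[1], received, threading.Thread(target=run, daemon=True)


def self_test() -> dict:
    """Send one constructed message over UDP and plain TCP to local listeners; report what arrived."""
    line = build_syslog_message("gw-example", "fwlog", "constructed test message")
    results = {}
    for kind in ("udp", "tcp"):
        port, received, thread = _local_listener(kind)
        thread.start()
        if kind == "udp":
            send_udp("127.0.0.1", port, line)
        else:
            send_tcp("127.0.0.1", port, line)
        thread.join(5)
        results[kind] = received[0] if received else None
    return results


if __name__ == "__main__":
    print(self_test())
```

Against a real Tufin/SIEM host, replace the loopback listener with the collector's address: `send_udp(siem, 514, line)` for the UDP path, `send_tcp(siem, 6514, line, tls_context_for("/path/to/ca.pem"))` for TLS (port and CA path are assumptions). If the UDP message never shows up in the collector but the TCP/TLS one does, the problem is on the listener or firewall side rather than in Smart-1 Cloud; a receiver that expects newline-delimited TCP instead of octet counting will also show up here as a parse error on its side.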
Vincent_Bacher
MVP Silver

Did you work as discussed here?

https://forum.tufin.com/support/kc/latest/Content/Suite/cp_log-exp_R81.20.htm

I'm an S1C layman, I'm just trying to brainstorm a little.

the_rock
MVP Diamond

Hey bro,

100% possible. We do it for a few customers to their SIEM solution. There is currently a TAC case for a new CP customer using S1C where we have an issue doing it over the TCP protocol, so TAC is working on that. You just do it from the portal itself, see below.

[Screenshot: Screenshot_1.png]

Best,
Andy
Vincent_Bacher
MVP Silver

Apparently, I wasn't that far off the mark. 🙂

the_rock
MVP Diamond

You got it. @RemoteUser , I know 2 customers where we have this working with TCP, over TLS as well. Just not sure if this issue we currently have is SIEM-related or not. The TAC guy said he believes it could be a log rate problem, but they are still checking it.

Will update you once we have a solution.

Best,
Andy
RemoteUser
Advisor

https://support.checkpoint.com/results/sk/sk182699 could this be a possible solution?
the_rock
MVP Diamond

100%. Sorry, forgot about it. TAC gave us that sk last week as well.

Best,
Andy
RemoteUser
Advisor

OK, but since we want to export all the logs of the management, do I need to configure this rule on all the policy packages of the CMA?
the_rock
MVP Diamond

Sounds like that, yes.

Best,
Andy