
Send Log to other SIEM server using site-to-site VPN

Hi all,

This is my first time using CheckMates. I just want to ask some questions regarding sending Syslog using Log Exporter via a Site-to-Site (S2S) VPN. Basically, we want to create an S2S VPN with a 3rd party firewall. I have configured the interoperable device in SmartConsole. The issue is that when I try to ping from my Check Point management to the other SIEM server, the connection is dropped. (You may refer to my network diagram for details.) From the other side, they said I advertise my VPN tunnel using the Public IP instead of the local subnet.

I have viewed the log in SmartView Tracker and here is the detailed log:

Traffic
Source: y.y.y.4 (physical Public IP Gateway)
Destination: x1.x1.x1.10 (External Syslog Server)
Protocol: ICMP
Interface: eth1 (Public IP Port)

More
NAT additional rule number: 0
NAT rule number: 0
Xlate Src: y.y.y.5 (Virtual Public IP Gateway)
VPN Peer Gateway: y.1.y1.y1.2 (Public IP 3rd Party Firewall)

From the 3rd party firewall side, they define my peer local subnet as x.x.x.253 and x.x.x.200. On my VPN Domain, I have set IP x1.x1.x1.10. Should I create a manual NAT on Check Point or define the Check Point Public IP as the peer local subnet?

Can someone advise me on this? Thank you in advance.


Re: Send Log to other SIEM server using site-to-site VPN

Make sure your VPN community has NAT disabled.


Re: Send Log to other SIEM server using site-to-site VPN

Hello Dameon,

Yes, I already ticked "Disable NAT inside the VPN community".

Thanks,


Re: Send Log to other SIEM server using site-to-site VPN

From what end is the above log entry?

Not clear from your description.

In any case, having the remote end include the public IP of your gateway in their definition of the encryption domain might also help.

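The two replies above come down to one question: does the address that actually enters the tunnel (the Xlate Src in the log) fall inside what the remote peer has defined as your encryption domain? The following is an added example, not code from the thread or from Check Point, that models both ends' encryption domains and reports why a log entry like the one above would not be matched by the peer. All addresses are constructed RFC 5737 placeholders standing in for the obfuscated y.y.y.4, y.y.y.5, x.x.x.253/x.x.x.200 and x1.x1.x1.10 in the post; the assumption that the gateway's own public addresses are part of its local encryption domain is also a constructed one.

```python
"""Encryption-domain consistency check for a site-to-site VPN log entry.

Added example (not from the CheckMates thread). It checks a SmartView-style
entry (Source, Xlate Src, Destination) against the encryption domains each
side configured and lists every reason the packet would not be carried in
the tunnel end to end.
"""
import ipaddress
from dataclasses import dataclass

# Constructed placeholder addresses (RFC 5737 ranges) for the thread's values.
GATEWAY_PHYS = "198.51.100.4"    # stands in for y.y.y.4 (physical public IP)
GATEWAY_VIP = "198.51.100.5"     # stands in for y.y.y.5 (virtual public IP)
MGMT_HOSTS = ("10.10.10.253/32", "10.10.10.200/32")  # x.x.x.253 / x.x.x.200
SIEM = "203.0.113.10"            # stands in for x1.x1.x1.10 (syslog server)

# Constructed log entry mirroring the fields quoted in the question.
LOG_ENTRY = {"src": GATEWAY_PHYS, "xlate_src": GATEWAY_VIP, "dst": SIEM}


def nets(*cidrs):
    """Parse CIDR strings into network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


@dataclass
class PeerConfig:
    name: str
    local_domain: list    # addresses this side encrypts on behalf of
    remote_domain: list   # addresses this side expects from the other end


def in_domain(addr, domain):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in domain)


def check_tunnel(log, us, them):
    """Return a list of findings; an empty list means both ends agree."""
    src, dst = log["src"], log["dst"]
    sent_src = log.get("xlate_src") or src   # address that enters the tunnel
    findings = []
    if sent_src != src:
        findings.append(f"NAT applied before encryption: {src} -> {sent_src}")
    if not in_domain(sent_src, us.local_domain):
        findings.append(f"{sent_src} is outside {us.name}'s own encryption domain")
    if not in_domain(dst, us.remote_domain):
        findings.append(f"{dst} is outside {us.name}'s view of the peer domain")
    if not in_domain(sent_src, them.remote_domain):
        findings.append(f"{them.name} does not list {sent_src} as a peer subnet")
    if not in_domain(dst, them.local_domain):
        findings.append(f"{them.name} does not list {dst} in its own domain")
    return findings


def thread_scenario(peer_includes_gateway_ip, nat_disabled_in_community):
    """Model the thread: toggle the two remedies suggested in the replies."""
    # Assumption (constructed): our domain holds the management hosts plus the
    # gateway's own public addresses, since the ping originates on the gateway.
    us = PeerConfig("checkpoint",
                    nets(*MGMT_HOSTS, GATEWAY_PHYS + "/32", GATEWAY_VIP + "/32"),
                    nets(SIEM + "/32"))
    peer_remote = nets(*MGMT_HOSTS)          # what the 3rd party defined so far
    if peer_includes_gateway_ip:
        peer_remote += nets(GATEWAY_PHYS + "/32", GATEWAY_VIP + "/32")
    them = PeerConfig("third-party", nets(SIEM + "/32"), peer_remote)
    log = dict(LOG_ENTRY)
    if nat_disabled_in_community:
        log["xlate_src"] = log["src"]       # no hide NAT on the VPN path
    return check_tunnel(log, us, them)


if __name__ == "__main__":
    for peer_ok in (False, True):
        for nat_off in (False, True):
            print(f"peer lists gateway IP={peer_ok}, NAT off={nat_off}:",
                  thread_scenario(peer_ok, nat_off) or ["OK"])
```

Running it shows that switching NAT off in the community alone still leaves the gateway's physical IP unlisted on the peer, while adding the gateway's public addresses to the peer's definition of your domain clears every finding; the log's Xlate Src field is the value to compare, not the pre-NAT Source.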