This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
User130442
Explorer
‎2025-05-28 02:08 AM

Event Forwarding in Check Point – "No Traffic detected"

Hi all!

I’m running into an issue with Event Forwarding in Check Point Quantum Security Management and wanted to check if anyone here has experienced something similar:

Setup summary:
We’re running a Syslog server on Ubuntu that receives logs from our firewall and other systems and forwards them to Microsoft Sentinel.

I’ve set up a destination for Event Forwarding, and after successfully uploading the certificates, the test runs fine. The test event shows up in Microsoft Sentinel as expected once it’s sent to the Syslog server.

However, as soon as I create a forwarding rule, no logs are being sent. Instead, I get the message “No Traffic detected.”

We do have a valid license for Event Forwarding, so that shouldn’t be the problem.

Has anyone seen this behavior before or have an idea what might be causing it?
Any help or insight would be greatly appreciated!

Thanks and best regards!

Preview file
6 KB
0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2025-05-28 09:08 AM

TAC would need to investigate here.

0 Kudos
User130442
Explorer
‎2025-05-29 11:05 PM
In response to PhoneBoy

Great idea! But they already did and they couldn't help...

0 Kudos
PhoneBoy
Admin
Admin
‎2025-05-30 10:32 AM
In response to User130442

Please send me the SR in a PM.

Also, it's not clear where the screenshot you've attached is coming from.
More details about what you've configured might be helpful.
More complete screenshots also helpful (redacting any sensitive details, of course).

0 Kudos
User130442
Explorer
‎2025-06-02 12:56 AM
In response to PhoneBoy

Hi PhoneBoy!

Thanks for the reply.

This Screenshot comes from the Event Forwarding page in our Checkpoint Account Settings.

I can provide the following details:

We did set up a syslog server who we send all events and logs from our systems to (NAS, Azure VM's etc...).

In Microsoft Azure we us a loadbalancer as entry point for incoming traffic from our Quantum Firewall (On Premise).

This Loadbalancer forwards the traffic to the syslog server.

We did set up NAT and Firewall policies so everything gets routed correctly.

----------------------------------

As mentioned: When I create the Destination in the Checkpoint Account settings under Event Forwarding the "Connectivity Test" is successful but after I created the Forwarding Rule it says "No traffic detected".

I hope this helps you to understand the case better.

Kind regards!

Preview file
39 KB
0 Kudos
PhoneBoy
Admin
Admin
‎2025-06-02 12:52 PM
In response to User130442

Please send me the relevant case in a PM.

0 Kudos
Upcoming Events

    CheckMates Events