cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted

Security Checkup setup Management + GW

Hello,

I am trying to setup a Security Cehckup with dedicated Managemnt server and a gateway with interface in SPAN mode.

In the topology of the gateway I've set the eth1 as  Internal / Not defined and No antispoofing

And the Mgt interface as External without Antispoofing

In the logs I can see strange lines. I see the requests from the gateway to DNS servers (OK) and also the packet back from the server. Is it normal due to the monitor interface? Is ti possible to mask these lines as the security checkup will integrate these logs in the reports?

Thanks

Labels (2)
3 Replies
Admin
Admin

Re: Security Checkup setup Management + GW

Expected behavior as undoubtedly the span port is seeing the traffic coming from the gateway.

You can create a "accept no log" rule for the relevant traffic to suppress it from the logs.

Re: Security Checkup setup Management + GW

Yes that makes sense.

Complicated not to log, as the only rule I have in the Access rule is

Any Any accept / no log (as recommanded in the security checkup admin guide)

Maybe adding a no log rule in the AppCtrl  policy...

Admin
Admin

Re: Security Checkup setup Management + GW

Possibly, but the "blade" showing here is firewall...