I am trying to set up a Security Checkup with a dedicated Management server and a gateway with an interface in SPAN mode.
In the topology of the gateway I've set the eth1 as Internal / Not defined and No antispoofing
And the Mgt interface as External without Antispoofing
In the logs I can see strange lines. I see the requests from the gateway to DNS servers (OK) and also the packet back from the server. Is it normal due to the monitor interface? Is it possible to mask these lines, as the Security Checkup will integrate these logs in the reports?
Expected behavior as undoubtedly the span port is seeing the traffic coming from the gateway.
You can create an "accept no log" rule for the relevant traffic to suppress it from the logs.
Yes that makes sense.
Complicated not to log, as the only rule I have in the Access rule is
Any Any accept / no log (as recommended in the Security Checkup admin guide)
Maybe adding a no log rule in the AppCtrl policy...