Solved: Re: Add Quantum Spark 1900 Appliance to a manageme...

Exonix · ‎2025-01-20

Hello,

we have Quantum Spark 1900 Appliance [R81.10.15] and we need to add it to a management Server [R81.20], which located in another country und runs on a VM. The connection will go through Internet.

The first question: what is the best way to do this? I heard, if I add an Appliance, no existing rules will be copied to the Management server, as well as VPN connections. If it is true, how can I export them and import into the Management Server?

The second question: in Appliance we can set up the sending of logs to the Management Server, but the configuration requires "SIC one-time Password". If I set up sending logs, won't the log server also become a management server, and then I'll lose everything again (since the rules won't be copied)?

Thank you!

Chris_Atkinson · ‎2025-01-21

In the past if you wanted to have your logs from a locally managed SMB appliance visible in the central management then there was a process for this documented here: sk108437 - How to configure the External Security Log Server on Locally Managed SMB appliances I've not tested this on recent versions however.

CCSM R77/R80/ELITE

View solution in original post

Lesley · ‎2025-01-20

Central management requires SIC, in order to go from local to central appliance will be reset.

It should show this in the wizard. Rules you have to make manually in new management.

maybe this video helps, bit older but still shows the trick

https://youtu.be/fI4mh28hnWw

Here you can see difference between local and mgmt:

https://support.checkpoint.com/results/sk/sk178604

-------
Please press "Accept as Solution" if my post solved it 🙂

Exonix · ‎2025-01-21

I see... and since the process of switching to central management is not fast, I need a temporary solution for collecting logs, and therefore I have a third question. I have configured the appliance to send syslog to the "management server", I see that traffic is coming - but how can I view the logs themselves in the console? In particular, I'm interested in VPN connection logs, but I don't see anything in the standard logs console...

Thank you!

Chris_Atkinson · ‎2025-01-21

If it is raw syslog did you already enable "accept syslog messages" on the Management object and install database or some other approach?

CCSM R77/R80/ELITE

Exonix · ‎2025-01-21

yes, i did

Chris_Atkinson · ‎2025-01-21

In the past if you wanted to have your logs from a locally managed SMB appliance visible in the central management then there was a process for this documented here: sk108437 - How to configure the External Security Log Server on Locally Managed SMB appliances I've not tested this on recent versions however.

CCSM R77/R80/ELITE

Exonix · ‎2025-01-30

thank you it did help. Unfortunatelly the article doesn't explain the Ports to be open:

srs: mgmt/log server
dst: firewall
ports: 18191, 18192, 18211

srs: firewall
dst: mgmt/log server
ports: 18191, 257, 18210

Last question: how fast will the logs appear on the log server?

Exonix · ‎2025-01-30

I forgot to install database - everything works prefect, thanks a lot!

G_W_Albrecht · ‎2025-01-21

1st Q: You can not export any rules from local management, so this has to be set up freshly

2nd Q: These are two different things: You can just use the SMS as a log server or let it do both central management and log server. SIC is alwqays needed

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Are you a member of CheckMates?

Add Quantum Spark 1900 Appliance to a management Server