Good Day Everyone!
We have some logs, but we are not sure that we understand them correctly.
CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Encrypt|echo-request|Unknown|act=Encrypt cn2Label=ICMP Type cn2=8 cn3Label=ICMP Code cn3=0 cs2Label=Peer Gateway cs2=10.25.1.33 deviceDirection=0 duser=User1 rt=171436202000 cs2Label=Rule Name cs2=Implied Rule cs2=Implied Rule cs2=VPN Client Analysis cs2=Implied Rule layer_name=GlobalTrafficDrop...
CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Detect|Address spoofing|Unknown|act=Detect deviceDirection=0 msg=Address spoofing rt=171436202000 spt=50740 dpt=53 ifname=eth1-01.7 loguid={0x663270c7,0x3f,0xf76511ac,0x1b933721} origin=172.17.11.241 originsicname=CN\\=user ,O\\=user.com sequencenum=679 version=5 dst=172.17.101.41 product=VPN-1 & FireWall-1 proto=17 src=192.168.10.9
My question is: what do the |Encrypt| and |Detect| values in the log samples mean? Is it the event type?
As I understand it, the value Encrypt is a type of event that relates to S2S VPN. Can this event be related only to S2S VPN? Can it be related to RA VPN?
I am wondering which types of events there can be on Check Point besides Encrypt and Log. I couldn't find a full list of event types in any documentation.
In most cases I see type: Log
CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Log|echo-request...
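
For reading samples like the ones above, an added example (not part of the original post and not Check Point code): a small Python parser that splits a CEF line into the seven header fields defined by the CEF format, where the fifth pipe-delimited field is the Device Event Class ID and the sixth is the Name, and that keeps repeated extension keys such as cs2 instead of overwriting them. The sample line is constructed from fields shown in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Header field order defined by the CEF format: CEF:Version|Vendor|Product|...
HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "device_event_class_id", "name", "severity")

# Constructed sample assembled from fields in the post (not a verbatim log line).
SAMPLE = (r"CEF:0|Check Point|VPN-1 & FireWall-1|Check Point|Detect|Address spoofing|Unknown|"
          r"act=Detect msg=Address spoofing spt=50740 dpt=53 originsicname=CN\=user ,O\=user.com "
          r"cs2Label=Peer Gateway cs2=10.25.1.33 cs2Label=Rule Name cs2=Implied Rule src=192.168.10.9")

# An extension key is a token at the start or after whitespace, directly followed by "=".
# An escaped "\=" inside a value never matches because "\" is not a key character.
KEY_RE = re.compile(r"(?:^|(?<=\s))([\w.-]+)=")

def parse_cef(line):
    """Return (header dict, extension dict of key -> list of values)."""
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)  # split on unescaped pipes
    if len(parts) < 7 or not parts[0].startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts[0] = parts[0][4:]  # drop the "CEF:" prefix, leaving the version
    header = {k: v.replace("\\|", "|") for k, v in zip(HEADER_FIELDS, parts)}
    ext = parts[7] if len(parts) > 7 else ""
    fields = defaultdict(list)
    keys = list(KEY_RE.finditer(ext))
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext)
        # Values may contain spaces; they run until the next key= token.
        value = ext[m.end():end].strip()
        fields[m.group(1)].append(value.replace("\\=", "="))
    return header, dict(fields)

def labelled(fields, key):
    """Pair custom-field values with their labels (assumes one label per value, in order)."""
    return list(zip(fields.get(key + "Label", []), fields.get(key, [])))

if __name__ == "__main__":
    header, fields = parse_cef(SAMPLE)
    print(header["device_event_class_id"], "/", header["name"])
    print(labelled(fields, "cs2"))
```

A parser that stores extension keys in a plain dictionary would keep only the last cs2 value, which matters for lines like the first sample where cs2 and cs2Label occur several times.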