This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
DominusRex23
Participant
a week ago

Log Delivery Issue in ElasticXL Setup

Hi everyone,

We have a current setup here in ElasticXL where the gateway’s MGMT port is configured with IP 192.168.168.10, while the Smart-1 MGMT port uses 192.168.1.1. Both devices are connected to the core switch, and routing between them is properly configured. ICMP/ping tests confirm mutual reachability.

However, when we opened SmartConsole, no logs were visible. Insights showed that the management server was up and reachable from both firewalls. Under Device Information > Log Servers Connectivity, we saw a description indicating a connectivity problem.
To troubleshoot, we changed the gateway’s MGMT IP to 192.168.1.11, placing it in the same subnet as Smart-1. After this change, logs started appearing in SmartConsole as expected.

Can anyone confirm if this subnet alignment is a requirement for log delivery in ElasticXL? Is this an expected behavior?

edit: Smart-1 MGMT port is 192.168.1.1

Preview file
32 KB
Preview file
35 KB
Preview file
55 KB
Preview file
68 KB
0 Kudos
3 Replies
emmap
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
a week ago

There's no requirement to have them in the same subnet. Did you have an explicit route out the of the cluster to 192.168.1.0/24 that would use the magg interface or was it just that default route? 

0 Kudos
Martin_Raska
Advisor
Advisor
a week ago

tcpdump here is your best friend and double check the routing via magg interface.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Sunday

I will add maybe doing fw monitor too may help.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events