MDS and MDLS and masters file

May the 4th (+4)
Roadmap Session and Use Cases for
Cloud Security, SASE, and Email Security

SASE Masters:
Deploying Harmony SASE for a 6,000-Strong Workforce
in a Single Weekend

Paradigm Shifts: Adventures Unleashed!
Capture Your Adventure for a Chance to WIN!

Join the Photo Contest!

Mastering Compliance
Unveiling the power of Compliance Blade

WATCH NOW

CPX 2024 Content
is Here!

Get What You Need

Harmony SaaS
The most advanced prevention
for SaaS-based threats

LEARN MORE

CheckMates Go:
CPX 2024 Recap

LISTEN NOW

Create a Post

Hi All,

We have a Provider-1 running R80.10 and currently it does everything, policy , logs etc..

However we receive logs to a public IP which is not hosted on any Check Point device, so we have to use the masters file (and GuiDBedit) to achieve the logging.

I have now configured a MD Log server to migrate the logs to, to share the load.

When I change the Log section in masters file to the new log server IP (and push policy), i'm not receiving logs at all ( there is still a connection on port 257 to the cma from the gateway - not the log server), and cert based VPNs stop working.

If i change the IP back to the public IP of the CMA, it works fine again after a policy push, but all logging to the one box.

Is the 'Log' section also used for CRL retrieval ? I would have expected this to be the 'policy' section.

Also is there a way of configuring this to work correctly in the environment we have ?

Has anyone else come across this ?