This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
socteam_gsi
Participant
‎2020-10-29 06:40 AM

Optimizing OPSEC traffic on Riverbed

Hello All,

We are having Checkpoint OPSEC integration with Splunk however while sending logs to Splunk there's huge traffic logs which is choking our wan bandwidth . We are having Riverbed Wan optimizer and we would like to optimize this traffic.
As a testing we tried to import OPSEC p12 certificate (by pulling from Splunk) and tried to import it in riverbed but it is asking for password. We tried empty password and one time activation password in riverbed but both didn't work. 

What are we missing here?

0 Kudos
5 Replies
Dror_Aharony
Employee Alumnus
Employee Alumnus
‎2020-10-29 06:59 AM

Which CP-version are you using?
I'd highly suggest moving to our newer & much improved exporting logs tool, called log-exporter (replacing the older OPSEC LEA protocol).
see log-exporter full guide/usage in sk122323:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

 

It's fairly easy to use via CLI & much more granular.

It allows much better filtering of values & fields to remove much needed log-load from being exported to your splunk.

 

socteam_gsi
Participant
‎2020-10-29 07:45 AM
In response to Dror_Aharony

its R80.20 but we cannot move to Log exporter as of now.

Is there anyway we can make it work with OPSEC_LEA only?

0 Kudos
PhoneBoy
Admin
Admin
‎2020-10-29 07:54 AM
In response to socteam_gsi

If the logs are coming from Check Point to Splunk, I'm not sure why the Riverbed needs a certificate or a password.
Is the Riverbed also sending logs as well, is the Check Point instance on the Riverbed, or?

In any case, Log Exporter is the recommended path forward.

0 Kudos
socteam_gsi
Participant
‎2020-10-29 10:15 AM
In response to PhoneBoy

Its a Riverbed WAN optimizer (Checkpoint-->Riverbed WAN1----> WAN---->Riverbed WAN2--->Splunk) and according to the  team who handles Riverbed WAN Optimizer if we provide OPSEC certificate then they can optimize the traffic from Checkpoint to Splunk.

0 Kudos
PhoneBoy
Admin
Admin
‎2020-10-29 11:36 AM
In response to socteam_gsi

Sounds like a query should be made to Riverbed regarding this.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events