socteam_gsi
Participant

Optimizing OPSEC traffic on Riverbed

Hello All,

We have a Checkpoint OPSEC integration with Splunk; however, while sending logs to Splunk there is a huge volume of traffic logs, which is choking our WAN bandwidth. We have a Riverbed WAN optimizer and we would like to optimize this traffic.
As a test, we tried to import the OPSEC p12 certificate (by pulling it from Splunk) into the Riverbed, but it is asking for a password. We tried an empty password and the one-time activation password in the Riverbed, but neither worked.

What are we missing here?

0 Kudos
5 Replies
Dror_Aharony
Employee

Which CP version are you using?
I'd highly suggest moving to our newer & much improved log exporting tool, called log-exporter (replacing the older OPSEC LEA protocol).
See the full log-exporter guide/usage in sk122323:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

It's fairly easy to use via CLI & much more granular.

It allows much better filtering of values & fields to remove much needed log-load from being exported to your Splunk.

socteam_gsi
Participant

It's R80.20, but we cannot move to Log Exporter as of now.

Is there any way we can make it work with OPSEC_LEA only?

0 Kudos
PhoneBoy
Admin

If the logs are coming from Check Point to Splunk, I'm not sure why the Riverbed needs a certificate or a password.
Is the Riverbed also sending logs as well, is the Check Point instance on the Riverbed, or?

In any case, Log Exporter is the recommended path forward.

0 Kudos
socteam_gsi
Participant

It's a Riverbed WAN optimizer (Checkpoint --> Riverbed WAN1 --> WAN --> Riverbed WAN2 --> Splunk), and according to the team who handles the Riverbed WAN optimizer, if we provide the OPSEC certificate then they can optimize the traffic from Checkpoint to Splunk.

0 Kudos
PhoneBoy
Admin

Sounds like a query should be made to Riverbed regarding this.

0 Kudos