Optimizing OPSEC traffic on Riverbed
Hello All,
We have a Check Point OPSEC integration with Splunk; however, while sending logs to Splunk there is a huge volume of traffic logs, which is choking our WAN bandwidth. We have a Riverbed WAN optimizer and we would like to optimize this traffic.
As a test, we tried to import the OPSEC p12 certificate (by pulling it from Splunk) into the Riverbed, but it asks for a password. We tried an empty password and the one-time activation password in the Riverbed, but neither worked.
What are we missing here?
Which CP-version are you using?
I'd highly suggest moving to our newer & much improved exporting logs tool, called log-exporter (replacing the older OPSEC LEA protocol).
See the full log-exporter guide/usage in sk122323.
It's fairly easy to use via CLI & much more granular.
It allows much better filtering of values & fields to remove much needed log-load from being exported to your Splunk.
It's R80.20, but we cannot move to Log Exporter as of now.
Is there any way we can make it work with OPSEC_LEA only?
If the logs are coming from Check Point to Splunk, I'm not sure why the Riverbed needs a certificate or a password.
Is the Riverbed also sending logs as well, is the Check Point instance on the Riverbed, or?
In any case, Log Exporter is the recommended path forward.
It's a Riverbed WAN optimizer (Check Point --> Riverbed WAN1 --> WAN --> Riverbed WAN2 --> Splunk), and according to the team who handles the Riverbed WAN optimizer, if we provide the OPSEC certificate then they can optimize the traffic from Check Point to Splunk.
Sounds like a query should be made to Riverbed regarding this.
