This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
maddah87
Contributor
‎2026-01-09 10:00 AM
Jump to solution

S1C with separate on premises log server???

Hi,

Just wanted confirm, is it possible to have Smart-1 cloud enterprise gateway management with On premises Log server rather extending smart-1 cloud?

 

Labels
0 Kudos
1 Solution

Accepted Solutions
Lesley
MVP Gold
MVP Gold
‎2026-01-09 10:27 AM
In response to the_rock
Jump to solution

Getting data to cloud is OK, getting data from the cloud to onprem is expensive! Would find more affordable solution 😉 

But anyway it is not possible:

-------
Please press "Accept as Solution" if my post solved it 🙂

View solution in original post

6 Replies
the_rock
MVP Diamond
MVP Diamond
‎2026-01-09 10:22 AM
Jump to solution

I dont believe you can do that. What you could do is forward the logs from S1C to onprem, but I dont think you can have separate on prem log server with dedicated S1C. I could be mistaken, so let someone else confirm, for sure.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Lesley
MVP Gold
MVP Gold
‎2026-01-09 10:27 AM
In response to the_rock
Jump to solution

Getting data to cloud is OK, getting data from the cloud to onprem is expensive! Would find more affordable solution 😉 

But anyway it is not possible:

-------
Please press "Accept as Solution" if my post solved it 🙂
maddah87
Contributor
‎2026-01-12 01:05 AM
In response to Lesley
Jump to solution

Thanks for the insights, the problem occurs when daily log rate increases. Adding log extensions may expensive than the on prem log server.

Thanks all for great inputs

0 Kudos
PhoneBoy
Admin
Admin
‎2026-01-12 07:15 AM
In response to maddah87
Jump to solution

We introduced an Aggregated mode to log ingestion in R82.10 and R82/R81.20 via JHF to assist with the log rate.
See: https://community.checkpoint.com/t5/Events/Tech-Tip-log-ingestion-problem-change-log-level-to-reduce... 

0 Kudos
(1)
Lesley
MVP Gold
MVP Gold
‎2026-01-12 07:58 AM
In response to maddah87
Jump to solution

You can consider to reduce the logs of high hit rules, or change them from accounting / detailed to normal log. Or disable log at all. You can also split logs into 2 rules, one with logs one without to make sure you don't log stuff that is not needed.

On the firewall you can run this command to see the top 5 hit rules:

cpstat blades

Top Rule Hits
-----------------------
|rule index|rule count|
-----------------------
|Rule 14 | 5147602|
|Rule 19| 1494552|
|Rule 570| 92130|
|Rule 269| 33766|
|Rule 147| 25880|
-----------------------

-------
Please press "Accept as Solution" if my post solved it 🙂
0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2026-01-13 06:09 AM
In response to Lesley
Jump to solution

Hi,

Correct me if I'm wrong, but maybe this is unrelated.

Maybe it's an issue to send information from S1C to a log server, but the logs are being sent from the SGW. This might still be supported.

Kind regards, Amir Senn
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events