mato_b
Explorer

SIEM cannot hit CMA behind NAT

Hi guys,

I have an issue making a connection between the SIEM server and the CMA. This setup is a little bit tricky as NAT is used. The Check Point VSX is based on R77.30, where the customer's CMA has IP 155.0.0.13; it is linked with the customer's dedicated MLM (30.249.0.11) based on Gaia R77.30. The customer's SIEM is a McAfee application with IP 10.0.0.1.

The main problem is that all these devices are in separate networks divided by FWs, and the SIEM IP 10.0.0.1 is not allowed in the CMA network; the same goes for the CMA and CLM: 155.0.0.13 and 30.x.x.x are not allowed in the customer's SIEM network, thus I used NAT.

 

SIEM(10.0.0.1)->checkpoint FW(10.0.0.1 natted to 30.249.0.1)->CMA(155.0.0.13)

Reverse flow:

CMA(155.0.0.13)->checkpoint FW(155.0.0.13 natted to 30.249.0.13)->SIEM(10.0.0.1)

I am not writing about CLM yet, because first we have to make a connection with CMA.

I see traffic is NATted; drops were checked with zdebug. I got trust established on the CMA, however McAfee still cannot connect to the CMA.

diagram.jpg

Hope it makes sense 🙂

My question is whether this setup is correct and whether it is possible to make such a connection where NAT is used.

0 Kudos
5 Replies