DR_74
Contributor

Security Checkup setup Management + GW

Hello,

I am trying to set up a Security Checkup with a dedicated Management server and a gateway with an interface in SPAN mode.

In the topology of the gateway I've set the eth1 as Internal / Not defined and No antispoofing

And the Mgt interface as External without Antispoofing

In the logs I can see strange lines. I see the requests from the gateway to DNS servers (OK) and also the packet back from the server. Is it normal due to the monitor interface? Is it possible to mask these lines as the security checkup will integrate these logs in the reports?

Thanks

3 Replies
PhoneBoy
Admin

Expected behavior as undoubtedly the span port is seeing the traffic coming from the gateway.

You can create an "accept no log" rule for the relevant traffic to suppress it from the logs.

DR_74
Contributor

Yes that makes sense.

Complicated not to log, as the only rule I have in the Access rule is

Any Any accept / no log (as recommended in the security checkup admin guide)

Maybe adding a no log rule in the AppCtrl policy...

PhoneBoy
Admin

Possibly, but the "blade" showing here is firewall...
