Arthur_DENIS1
Advisor

Strange log - Originating from against

Hi,

I found a strange and recurring log, "originating from against", for the IPS blade - see screenshot

originating-from-against - anonymous.jpg

No behavior, but a lot of these for all our firewalls.

Firewall and MGMT are running version R80.20

 

Any idea on that point?

Thanks,
Arthur

0 Kudos
7 Replies
G_W_Albrecht
Legend

There is not much that can be said when the only detail we know here is the version 😎

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Arthur_DENIS1
Advisor

Indeed, but what I can say...

We get this message from all firewalls without an apparent reason.

Have you already seen this message?

0 Kudos
G_W_Albrecht
Legend

Look into the logs in SVTracker - look for logs from the same source at the same time...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
Arthur_DENIS1
Advisor

OK, so I tried to find the same log with SVTracker, but there was no way to find it.

Regarding the other logs from the same origin, we have a lot of Accept and Drop (about 1600 entries for the same second) - icmp/tcp/udp - but only from the firewall blade.

 

This is the only log from IPS blade at this exact time from this specific origin.

0 Kudos
PhoneBoy
Admin
Might be worth a TAC case.
0 Kudos
FireMage
Contributor

Hello,

Was there a solution for this? I currently have the same behaviour with our R81.20.

thanks
jeff

0 Kudos
Timothy_Hall
Legend

This is related to the Log Suppression feature of Threat Prevention, which was covered by my 2022 CPX speech Max Gander: The Hidden World of Log Generation and Log Suppression at Check Point

Bottom line is that this is expected behavior, please see sk115876: Some fields are missing from IPS or Threat Prevention logs

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com