This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Juan_Concepcion
Advisor
‎2019-04-24 06:03 AM

Tufin 'automatic policy generator' and R80

I saw a post about 2 years ago around APG (automatic policy generator) and R80 and it was stated that it was not on roadmap.  Would like to know if this is still the case or if it's possible to use this tool to sift through log data for the sake of crafting policies from logs?  I have tried unsuccessfully to run the cli tool and have it successfully convert the logs to the format necessary for tufin to read this in for the purpose of having detailed output of the connections that have been serviced by the firewall.

Was trying to use SmartEvent but unless you have "Sessions" enabled it is not possible to generate Network Activity reports - you only get drops so cannot use this product to obtain the desired results.

--Juan

4 Replies
HeikoAnkenbrand
Champion Champion
Champion
‎2019-04-24 09:34 AM

Have you tried the latest Tufin version 18.3?

➜ CCSM Elite, CCME, CCTE ➜ www.checkpoint.tips
0 Kudos
Juan_Concepcion
Advisor
‎2019-04-24 04:29 PM
In response to HeikoAnkenbrand

I'm using version 19.1.  Using the following command to try to read old logs:

 

st_apg_collect -m 1 -f /checkpoint/april_logs --from="2019-04-06" --to="2019-04-07" --policy-name=<Policy_Name>

 

it kicks off:

 

Writing logs to: /checkpoint/april_logs (truncating original file)
Searching for log files on server...
Searching 2019-04-06_124508_6.log...
Searching 2019-04-06_235900.log...
Searching 2019-04-07_000000.log...
[root@TufinOS checkpoint]#

 

and result is an empty file after an hour of processing:

[root@TufinOS checkpoint]# ls -alh
total 8.0K
drwxr-xr-x 2 root root 4.0K Apr 24 19:32 .
dr-xr-xr-x 24 root root 4.0K Apr 22 07:16 ..
-rw-r--r-- 1 root root 0 Apr 24 15:34 april_logs

I have verified and reverified my information, that there are logs/indexes in this timeframe but for whatever reason the data is not being extracted.

Martin_Valenta
Advisor
‎2019-04-24 11:01 PM
In response to Juan_Concepcion

and what Tufin support said on this?
Juan_Concepcion
Advisor
‎2019-12-21 08:30 AM
In response to Martin_Valenta

There is a known bug which they were working on - still no resolution customer switched to a different solution.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events