Hi All,
Recently I have setup a gateway as Monitor Mode and to capture all the traffics within the network.
I have configured the gateway according these guideline:
The gateway has configured a Monitor port and is connected to a switch port configured as SPAN port to mirror all the traffics.
After monitored for 1 day, we can see the firewall logs are working fine, we able to see all the network traffics.
But when I try to search for logs related to IPS, Anti-Bot and Anti-Virus (Monitor mode so the threat prevention is set as all "Detect")
Is this a normal behavior? Because this seems like a little less for IPS logs for me. For what i expect is to see more of the threat prevention related logs.
Is there any settings that I've missed out on the gateway?
Appreciate for all the help
Thank you
Starting with the basics what "track" option is set for the policy rules currently, detailed / extended log or other?
Click on the arrow in the track cell and select more to see additional options e.g.
Typically in monitor mode we won't have things like HTTPS inspection which will also limit visibility into traffic.
With that said what Threat Prevention Profile is currently used?
Hi @Chris_Atkinson ,
The "track" option for policy rules are set to "Log".
I might found out the cause of it.
The profile "Optimized" is being used. By following the admin guide to set up the gateway in monitor mode, the "Activation Mode" will be needed to change from "Prevent" to "Detect". When changing the default "Optimized" profile, SmartConsole will prompt automatically asking you to create another cloned profile of the default "Optimized" profile since the default profile cannot be modify.
After modified profile had been cloned out, I did not notice that the "Protection" of the IPS Protection are mostly Inactive. After enabled most of the "Protection" of the IPS Protection of the profile then I am able to see some of IPS logs again.
Appreciate for the help
Thank you
| User | Count |
|---|---|
| 28 | |
| 22 | |
| 19 | |
| 13 | |
| 10 | |
| 9 | |
| 9 | |
| 8 | |
| 6 | |
| 6 |
Mon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopTue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsMon 25 Nov 2024 @ 02:00 PM (EST)
(Americas) AI Series Part 3: Maximizing AI to Drive Growth and EfficiencyTue 26 Nov 2024 @ 10:00 AM (CET)
EMEA Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 26 Nov 2024 @ 03:00 PM (CET)
Navigating NIS2: Practical Steps for Aligning Security and ComplianceTue 26 Nov 2024 @ 05:00 PM (CET)
Discover the Future of Cyber Security: What’s New in Check Point’s Quantum R82Tue 03 Dec 2024 @ 05:00 PM (CET)
Americas CM Session: Automated Collaborative Prevention with 3rd Party Endpoint SolutionsTue 03 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 1: Cloud Risk Management WorkshopWed 04 Dec 2024 @ 10:00 AM (GMT)
UK Community CNAPP Training Day 2: Cloud Risk Management Workshop
