Hi All,
Recently I have setup a gateway as Monitor Mode and to capture all the traffics within the network.
I have configured the gateway according these guideline:
https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_Installation_and_Upgrade_Gui...
The gateway has configured a Monitor port and is connected to a switch port configured as SPAN port to mirror all the traffics.
After monitored for 1 day, we can see the firewall logs are working fine, we able to see all the network traffics.
But when I try to search for logs related to IPS, Anti-Bot and Anti-Virus (Monitor mode so the threat prevention is set as all "Detect")
Is this a normal behavior? Because this seems like a little less for IPS logs for me. For what i expect is to see more of the threat prevention related logs.
Is there any settings that I've missed out on the gateway?
Appreciate for all the help
Thank you