This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Denis_Ruzicka
Participant
‎2024-04-30 10:02 AM

Security gateway sending logs over internet instead of MPLS (private ip space)

Hi we currently have set of 2 clusters and one management server. One cluster in datacenter (6000 series) and one for on site (5000 series). The management server is located in datacenter. Up until now the site had it's own public ip address. 

We changed the design and currently use mpls uplink as default gateway. We changed the default gateway and management works. We can push new rules and we see gateways are up and utilized.

 

However, we ran into an issue with logs. We aren't receiving logs from security gateways on site. The gateways are trying to send logs over the internet instead of using private address connection. I can see attempts to send UDP packets with port 257 from our ISP provider public segment to the public ip of our gateways in datacenter. Before trying to set up rules allowing the communication  we would like to try to make the gateways communicate over MPLS instead.

Is there any way to tell the gateway that there is private address to which it can send logs?

I can reach port 257 from the cli of the gateway to the private management server ip.

 

We are still running R80.40..

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2024-04-30 01:26 PM

It's actually TCP 257 that is used for logs.
The gateways will use whatever is configured in the management object (the "main IP"), the communication to this will be routed per the device routing configuration.
Have you confirmed the routing for this IP address is correct?

This may also be relevant: https://support.checkpoint.com/results/sk/sk112162 

0 Kudos
CheckPointerXL
Advisor
Advisor
‎2024-05-07 02:58 PM

Is the automatic Nat still configured on mgmt object? Did you change main ip of the members with mpls net ips?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events