Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Denis_Ruzicka
Participant

Security gateway sending logs over internet instead of MPLS (private ip space)

Hi we currently have set of 2 clusters and one management server. One cluster in datacenter (6000 series) and one for on site (5000 series). The management server is located in datacenter. Up until now the site had it's own public ip address. 

We changed the design and currently use mpls uplink as default gateway. We changed the default gateway and management works. We can push new rules and we see gateways are up and utilized.

 

However, we ran into an issue with logs. We aren't receiving logs from security gateways on site. The gateways are trying to send logs over the internet instead of using private address connection. I can see attempts to send UDP packets with port 257 from our ISP provider public segment to the public ip of our gateways in datacenter. Before trying to set up rules allowing the communication  we would like to try to make the gateways communicate over MPLS instead.

Is there any way to tell the gateway that there is private address to which it can send logs?

I can reach port 257 from the cli of the gateway to the private management server ip.

 

We are still running R80.40..

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

It's actually TCP 257 that is used for logs.
The gateways will use whatever is configured in the management object (the "main IP"), the communication to this will be routed per the device routing configuration.
Have you confirmed the routing for this IP address is correct?

This may also be relevant: https://support.checkpoint.com/results/sk/sk112162 

0 Kudos
CheckPointerXL
Advisor
Advisor

Is the automatic Nat still configured on mgmt object? Did you change main ip of the members with mpls net ips?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events