- Products
- Learn
- Local User Groups
- Partners
-
More
Celebrate the New Year
With CheckMates!
Value of Security
Vendor Self-Awareness
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
Mobile Security
Buyer's Guide Out Now
Important! R80 and R80.10
End Of Support around the corner (May 2021)
I am running SmartEvent on a dedicated VM running R80.10, it is picking up millions of FW logs a day from my numerous F5s that have HTTP health probes using non-standard ports, I tried adding the addresses to the Global Exclusions list but I keep getting hits on them, is there a way to filter them out of SmartEvent in R80? In the R77 version I successfully filtered events but these don't seem to be working the same. I guess another solution would be for me to add excpetions in IPS to ignore them too so a log wouldn't be generated....just trying to see if I'm missing something with the SmartEvent exlusion list.
PhoneBoy
If it's IPS triggering the log, it would be best to address at the source: add an exception for the relevant traffic.
Thanks for the response, that is what I ended up doing, I did find a post where the SmartEvent Global Exclusion list doesn't apply to FW logs, only events generated in SmartEvent, so that is probably why it wasn't working there.
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY