Deven_Amode
Explorer

Anti-bot logs not shown in logs for external gateway cluster, but only on internal cluster.

We have two gateway clusters, Edge and Internal cluster, installed and have enabled anti-bot/virus features on both; however, only the internal cluster policy shows the logs for anti-bot/virus.

No logs are shown in the edge cluster policy. I have made sure that the features are both properly enabled and that the right policy is installed on the right target.

Can someone please help me figure out why the Edge-cluster policy does not show any anti-bot logs? It's mainly strange because all the traffic coming on internal cluster is traversing from the edge-cluster gateways.

Any help would be much appreciated. Thanks in advance.

PhoneBoy
Admin

Keep in mind that Anti-Bot is looking at outbound traffic specifically.

Assuming your users traverse the internal cluster first, it should be blocked there and not seen by your edge cluster at all.

Also, HTTPS Inspection configuration will play a role in what the various clusters see. 

Is this in use here?

Did you also try, for example, using the test files here: ThreatWiki | Check Point Software

I would try it from a host not behind the internal cluster to confirm it's working on the edge cluster.

Deven_Amode
Explorer

Hi Dameon,

Thanks for your prompt reply.

What you said is correct. I think that's the reason why the traffic didn't get detected in the edge cluster. I also checked and can confirm that HTTPS Inspection is not enabled.

We have tried the test pages, but that was from the internal cluster. I am yet to test it from a host not from the internal cluster to actually determine whether it's working for the edge cluster, but I am sure it will work.
