Hello. Is it possible to manage logs generated and sent by standalone 1470 gateway from Smart Event R.80 mgmt server? That menans, only logs and events, but not policies?
Thanks in advance.
Should work following steps of the 'Configuring External Log Servers' chapter of the Check Point 1470/1490 Appliance Centrally Managed Administration Guide (here for the last available version: R77.20.75).
Hello Xavier. Thanks for replying so soon. I've tried to do that, but I can't see traffic on the MGMT console. This is the context:
| StandAloneGW1470| --------------logs-------------------> |R.80 MGMT with integrated Smart Event|
(Local policies, not managed) (Use this only to see logs and run some Analysis with Smart Event)
There are two options on the SAGW1470 when configuring External Log Servers:
CheckPoint Log Server.
I already have set a regular syslog server up and it receives logs from the stand alone box.
Now, I've tried both options to set the Checkpoint MGMT Console IP Address.
With the first one, sic and password are required. But it's not configured because the GW is not managed by the MGMT CHKP server.
With the second option, I set the IP address IP of the MGMT CHKP server, 514, but no logs appear on Smart View Tracker o Smart Event tab...
Theoretically, you could do something like this: How to enable SmartEvent to read logs from external Security Management Server / externally managed Log Server
However, I have not tried this with a 1470 and don't know if it would work or not.
You need SIC for communication with the SMS. Please consult the Check Point 1100/1200R/1400 Appliances Locally Managed Administration Guide R77.20.80, chapter External Check Point Log Server, p. 195f !
Retrieving data ...