AnsweredAssumed Answered

MDS and MDLS and masters file

Question asked by Peter Lyndley on Sep 3, 2018
Latest reply on Sep 3, 2018 by Kaspars Zibarts

Hi All,

We have a Provider-1 running R80.10 and currently it does everything, policy , logs etc..

 

However we receive logs to a public IP which is not hosted on any Check Point device, so we have to use the masters file (and GuiDBedit) to achieve the logging.

 

I have now configured a MD Log server to migrate the logs to, to share the load.

 

When I change the Log section in masters file to the new log server IP (and push policy), i'm not receiving logs at all ( there is still a connection on port 257 to the cma from the gateway - not the log server), and cert based VPNs stop working.

If i change the IP back to the public IP of the CMA, it works fine again after a policy push, but all logging to the one box.

 

Is the 'Log' section also used for CRL retrieval ? I would have expected this to be the 'policy' section.

 

Also is there a way of configuring this to work correctly in the environment we have ?

Has anyone else come across this ?

Outcomes