Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Diego_Javier_Me
Participant

Logs server and stand alone gateway

Hello. Is it possible to manage logs generated and sent by standalone 1470 gateway from Smart Event R.80 mgmt server? That menans, only logs and events, but not policies?

Thanks in advance.

6 Replies
XBensemhoun
Employee
Employee

Should work following steps of the 'Configuring External Log Servers' chapter of the Check Point 1470/1490 Appliance Centrally Managed Administration Guide (here for the last available version: R77.20.75).

Information Security enthusiast, CISSP, CCSP
0 Kudos
Diego_Javier_Me
Participant

Hello Xavier. Thanks for replying so soon. I've tried to do that, but I can't see traffic on the MGMT console. This is the context:

| StandAloneGW1470| --------------logs------------------->      |R.80 MGMT with integrated Smart Event|

(Local policies, not managed)                                    (Use this only to see logs and run some Analysis with Smart Event)

There are two options on the  SAGW1470 when configuring External Log Servers:

CheckPoint Log Server.

Syslog Servers. 

I already have set a regular syslog server up and it receives logs from the stand alone box. 

Now, I've tried both options to set the Checkpoint MGMT Console IP Address.

With the first one, sic and password are required. But it's not configured because the GW is not managed by the MGMT CHKP server.

With the second option, I set the IP address IP of the MGMT CHKP server, 514, but no logs appear on Smart View Tracker o Smart Event tab...

0 Kudos
cezar_varlan1
Collaborator

Have you checked this option?

0 Kudos
PhoneBoy
Admin
Admin

Theoretically, you could do something like this: How to enable SmartEvent to read logs from external Security Management Server / externally managed ... 

However, I have not tried this with a 1470 and don't know if it would work or not.

0 Kudos
cezar_varlan1
Collaborator

I have tried to run this SK on an Endpoint Management Server R80.20 to export logs to R80.20 SMS. 

It should work however for me i got denied at the step where you add the external log source as a "Correlation Unit" because in the newer releases there is one correlation unit per SmartEvent. Error is The number of licensed correlation units has been exceeded.”

If you have a license for SmartEvent 25 then you would indeed have 4 correlation units so you are allowed to add 3 external sources.

0 Kudos
G_W_Albrecht
Legend
Legend

You need SIC for communication with the SMS. Please consult the Check Point 1100/1200R/1400 Appliances Locally Managed Administration Guide R77.20.80, chapter External Check Point Log Server, p. 195f !

CCSE CCTE CCSM SMB Specialist

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events