Hi.
Does anyone know how I can see syslog messages sent by Radware DDoS appliances in SmartEvent?
I've already configured syslog on the Radware appliances, and I selected "Accept syslog messages" in the SmartEvent configuration.
Do I have to configure something special to receive syslog messages?
Thanks in advance.
Im not personally aware of any special config. Is there communication back and forth?
Andy
Yes, I created a special rule to permit traffic between Radware appliances and SmartEvent.
I don't see any syslog traffic.
Can you run zdebug on the fw to see if traffic is getting dropped?
Did you follow the steps here: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
The DDoS appliances were implemented by a Radware engineer. Those appliances are working correctly and don't have an Analytics License; that's why the customer wants to send the syslog messages to SmartEvent.
If I were you, I would do some captures on the firewall to make sure that's not blocking this traffic.
Yes, tomorrow I will capture traffic.
I'll share the results with you.
Here are the commands I would run... say the Radware IP is 10.10.10.100, I would run the commands below:
tcpdump -nni any host 10.10.10.100
fw monitor -e "accept host(10.10.10.100);"
fw monitor -F '10.10.10.100,0,0,0,0' -F '0,0,10.10.10.100,0,0'
fw ctl zdebug + drop | grep 10.10.10.100
Andy
In addition to what PhoneBoy said, you may want to look into sk55020 as well