4 Replies Latest reply on Aug 26, 2014 2:58 PM by adamembrey

    Firewall Log Management

    rmayneord

      Hi,

       

      Can you please advise if it is possible to collect the logs from Checkpoint firewalls running on Splat or Nokia platforms and pass them to LEM so they can be viewed without the need to log onto the firewalls directly?

       

      Thanks,

      Ross

        • Re: Firewall Log Management
          nicole pauls

          The way the checkpoint integration works is by connecting to the management station corresponding to your single/multiple firewalls, and gathering the centralized logs from there. It's done securely using checkpoint's log API (OPSEC LEA), which means we have to have a certificate and be a valid object in checkpoint's database. If you've got 1 management station per firewall (or aren't using standalone management stations), you will have to connect to each to generate the secure certificate/connection.

           

          Some customers in the past have used client logging modules to separate logging from the firewall/management station.

           

          We do support both SPLAT and IPSO, it's all the same software and management APIs.  (Some of the UTMs and other firewalls are other software, which does stuff via syslog instead of the secure logging API.)