1 Reply Latest reply on Nov 6, 2014 10:47 AM by nicole pauls

    Check Point configuration

    dfsw

      I have set up LEM to pull logs from our Check Point firewall. How do I verify that everything is being logged? (Allowed traffic, dropped, etc.) I see a lot of traffic, but when I do a search I do not see any ICMP traffic when I was testing pinging from my computer to a server on the Internet.

      Thank you in advance.

        • Re: Check Point configuration
          nicole pauls

          In Check Point's management center, you can set certain ACLs to the 'log' target. I think out of the box some level of info is logged, then you can specify each ACL to log if you want that in addition. I'm not 100% confident how - in other devices denied traffic is logged by default, but I can't remember if that's the case with Check Point.

          You should also be seeing authentication/change activity (someone logging in to the management center, installing policies, etc.).