Command Auditing (asg log audit)

Use command auditing to:

  • Notify users about critical actions they are about to perform

  • Obtain confirmation for critical actions

  • Create forensic logs

When users confirm the action, they must supply their full name and a reason for running the command.

If the command affects a critical device or a process (pnote), a second confirmation can be required.

For example, if you use administrative privileges to change the state of the Security Group Member to DOWN, the output looks like this:

# asg_sgm_admin -b 2_01 down
You are about to perform sgm_admin down on blades: 2_01
 
Are you sure? (y - yes, any other key - no) y
 
sgm_admin down requires auditing
Enter your full name: John Smith
Enter reason for sgm_admin down [Maintenance]: Maintenance
WARNING: sgm_admin down on SGM: 2_01, User: John Smith, Reason: Maintenance

To see the audit logs, run: # asg log audit
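The forensic value of these records depends on being able to review them. As an added example (not Check Point's code), the following parser turns audit records into structured fields and flags entries worth following up; it assumes each record has the shape of the WARNING line shown above, and the sample lines are constructed for the example.

```python
"""Parse command-audit records of the form shown on this page into fields
for forensic review. Constructed sample; record format is an assumption."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Assumed record shape, modelled on the confirmation output above:
#   WARNING: <command> on SGM: <sgm>, User: <name>, Reason: <reason>
AUDIT_RE = re.compile(
    r"^WARNING:\s+(?P<command>.+?)\s+on\s+SGM:\s+(?P<sgm>\S+),\s+"
    r"User:\s*(?P<user>.*?),\s+Reason:\s*(?P<reason>.*)$"
)


@dataclass
class AuditRecord:
    command: str
    sgm: str
    user: str
    reason: str


def parse_audit_line(line: str) -> Optional[AuditRecord]:
    """Return a structured record, or None if the line is not an audit record."""
    m = AUDIT_RE.match(line.strip())
    if not m:
        return None
    return AuditRecord(**{k: v.strip() for k, v in m.groupdict().items()})


def parse_audit_log(text: str) -> List[AuditRecord]:
    """Keep only the lines that parse as audit records."""
    return [r for r in (parse_audit_line(l) for l in text.splitlines()) if r]


def weak_justifications(records: List[AuditRecord]) -> List[AuditRecord]:
    """Flag records with no user name, no reason, or a reason equal to the
    prompt's default value ("Maintenance"), since those carry little context."""
    default_reasons = {"", "maintenance"}
    return [r for r in records if not r.user or r.reason.lower() in default_reasons]


# Constructed sample log; the first line mirrors the output shown on this page.
SAMPLE_LOG = """\
WARNING: sgm_admin down on SGM: 2_01, User: John Smith, Reason: Maintenance
WARNING: sgm_admin down on SGM: 1_02, User: Jane Doe, Reason: Replacing failed PSU
WARNING: sgm_admin up on SGM: 2_01, User: , Reason:
some unrelated console output
"""

if __name__ == "__main__":
    for r in weak_justifications(parse_audit_log(SAMPLE_LOG)):
        print(f"follow up: {r.command} on {r.sgm} by {r.user!r}, reason {r.reason!r}")
```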