Configuring a Dedicated Logging Port

The Chassis logging mechanism lets each SGM forward logs directly to a dedicated Log ServerClosed Dedicated Check Point server that runs Check Point software to store and process logs. over the SSM's management ports.

However, the SSM's management ports can experience a high load when SGMs generate a large number of logs.

To reduce the load on the SSM management ports:

  1. Configure a dedicated SSM port for logging

  2. Configure the Chassis to send the logs to the dedicated Log Server

Topology:

[Management Server](some interface) <===> (SSM port 1)[Chassis]

[Management Server](some interface) <===> (interface 1) [Log Server] (interface 2) <===> (SSM port 2)[Chassis]

Procedure:

Step

Instructions

1

Install a dedicated Log Server:

  1. Install a dedicated Log Server with two physical interfaces.

    See the applicable Installation and Upgrade Guide > Chapter Installing a Dedicated Log Server or SmartEvent Server.

  2. Connect one physical interface on the dedicated Log Server to the Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server..

  3. Connect another physical interface on the dedicated Log Server directly to an available SSM port.

    Important - Do not use the same SSM port, which connects to the Management Server.

  4. In SmartConsoleClosed Check Point GUI application used to manage a Check Point environment - configure Security Policies, configure devices, monitor products and events, install updates, and so on., create the required object that represents the dedicated Log Server.

    See the applicable Installation and Upgrade Guide > Chapter Installing a Dedicated Log Server or SmartEvent Server.

2

In the GaiaClosed Check Point security operating system that combines the strengths of both SecurePlatform and IPSO operating systems. OS of the Security GroupClosed A logical group of Security Gateway Modules that provides Active/Active cluster functionality. A Security Group can contain one or more Security Gateway Modules. Security Groups work separately and independently from each other. To the production networks, a Security Group appears a single Security Gateway., configure in Gaia gClishClosed The name of the global command line shell in Check Point Gaia operating system for Security Gateway Modules. Commands you run in this shell apply to all Security Gateway Module in the Security Group. the dedicated management port on the SSM.

Syntax:

[Expert@MyChassis-ch0x-0x:0]# gclish

[Global] MyChassis-ch01-01> set interface ethX-MgmtY ipv4-address <IPv4 Address> mask-length <Mask Length>

Example:

[Global] MyChassis-ch01-01 > set interface eth1-Mgmt2 ipv4-address 2.2.2.10 mask-length 24

Note - You must assign an IPv4 address from the same subnet as assigned to the dedicated interface on the Log Server, which connects to the SSM.

3

In SmartConsole, configure the Security Group object to send its logs to the dedicated Log Server.

See the applicable Logging and Monitoring Administration Guide > Chapter Getting Started > Section Deploying Logging Section - Subsection Configuring the Security Gateways for Logging.

Note - The SMOClosed See "SMO". makes sure that return traffic from the Log Server reaches the correct Security Group Member in the Security Group.