CloudGuard Controller Monitoring

CloudGuard Controller Logs and Events

To monitor the CloudGuard ControllerClosed Provisions SDDC services as Virtual Data Centers that provide virtualized computer networking, storage, and security., use any of these options:

Note - As the CloudGuard Controller uses Identity AwarenessClosed Check Point Software Blade on a Security Gateway that enforces network access and audits data based on network location, the identity of the user, and the identity of the computer. Acronym: IDA. on the Security GatewayClosed Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources., the Security Gateway's kernel table limit can be reached in a scenario when there is a large number of IP addresses.

You can monitor and get a notification for this issue in SmartLog.

For details, refer to sk113833.

Description of Logs



Mapping of Data Center server started

CloudGuard Controller successfully connected to the data center.

It starts to map the Data CenterClosed Virtual centralized repository, or a group of physical networked hosts, Virtual Machines, and datastores. They are collected in a group for secured remote storage, management, and distribution of data. objects.

Mapping of Data Center server finished

CloudGuard Controller successfully mapped the Data Center objects.

It starts to monitor the Data Center changes.

Data center server objects were successfully updated on gateway <Name>

The Data Center object was successfully updated on the Security Gateway.

Description of Messages




Connectivity to Data Center server <DC info> lost.

Lost connection possibly due to connectivity issues.

In the Data Center object, click Test Connection.

Failed to update policy with data center objects. Install policy again to resolve the issue.

The install process completed correctly, but there is corrupt policy data in a data center object.


Connectivity to data center server <IP Address> lost. Objects imported from this data center server are no longer being updated.

Persistent connectivity issues between the Security Management ServerClosed Dedicated Check Point server that runs Check Point software to manage the objects and policies in a Check Point environment within a single management Domain. Synonym: Single-Domain Security Management Server. and CloudGuard Controller to the data center exist.

Resolve connectivity issues.

Failed to update data center server objects on gateway <Name of Security Gateway Object>. If issue persists contact Check Point Support.

CloudGuard Controller fails to update a Security Gateway.

The may be no connectivity to a Security Gateway.

Failed to generate data center server objects of new policy, Security gateways are no longer updated with the new data center objects.

There is a transfer fail of a policy to a Security Gateway.

Install the Access Control Policy again.

Failed to stop updates of data center objects on the secondary management server.

Data transmission to a Security Gateway from a Secondary Security Management ServerClosed Check Point Single-Domain Security Management Server or a Multi-Domain Security Management Server. stops.

Install the Access Control Policy again.

Failed to start updates from previous standby domain.

CloudGuard Controller fails to start update to Security Gateway.

It is possible that there is no connectivity to a Security Gateway.

Install the Access Control Policy again.

Failed to stop updates of data center objects for deleted domain. Contact Check Point Support.

CloudGuard Controller fails to stop Domain enforcement when a Domain is deleted.

Install the Access Control Policy again.

CloudGuard Controller Status

Options for checking the CloudGuard Controller status



On the Management Server

Follow these steps:

  1. Connect to the command line.

  2. Run: cpstat vsec

In SmartConsole

Follow these steps:

  1. From the left navigation panel, click Gateways & Servers..

  2. Select your Management Server object.

  3. At the bottom, from the Summary tab, click Device & License Information > Device Status.

SNMP Traps

See sk124532.

Data Center Updates

CloudGuard Controller requires reliable connectivity to the Security Gateways to continuously update the Security Gateways with changes to the Data Center objects.

The updates of Data Center objects include:

If the Security Gateway stops receiving updates for a Data Center Object, the Gateway has no way to verify that the object is still a valid object on the Data Center.

To create a balance between security and connectivity, each IP address of a Data Center object has a built-in expiration timer (aka Time To Live – TTL).

The CloudGuard Controller updates the IP addresses of the Data Center objects TTL on the Security Gateway to avoid TTL expiration.

However, if the Security Gateway(s) update fails continuously (for example, because of lack of connectivity between the Management and the Security Gateway), the TTL of the IP address is not updated.

When the full TTL of the IP address is reached, the IP address expires, and security policyClosed Collection of rules that control network traffic and enforce organization guidelines for data protection and access to resources with packet inspection. rules that use this IP of that Data Center object are no longer enforceable.

Due to the critical nature of Data Center Objects, it is highly recommended to monitor CloudGuard Controller status.

You can configure the TTL from 5 minutes to 30 days.

For more information see the enforcementSessionTimeoutInMinutes parameter in the Configuration Parameters section.

Creating a User Defined Event and Sending Alerts

The CloudGuard Controller is very critical component for the security of an organization.

If the CloudGuard Controller loses connection with a data center, for some reason, then there are no updates to the Gateways.

This a serious situation for any security administrator.

While administrators can monitor the SmartConsole logs in the office, there is also option to send critical CloudGuard Controller Events to an administrator's smartphone or email.