Configuring a Dedicated Logging Port

The logging mechanism on each Security Group Member in Security Groups forwards the logs directly to a dedicated Log Server over the Quantum Maestro Orchestrator's management port assigned to this Security Group.

However, the Quantum Maestro Orchestrator's management ports can experience a high load when Security Group Members generate a large number of logs.

To reduce the load on the Quantum Maestro Orchestrator's management ports:

  1. Assign a dedicated Quantum Maestro Orchestrator port of type management to a Security Group for logging.

  2. Configure the Security Group to send the logs to the dedicated Log Server.

Topology:

[Management Server](some interface) <===> (management port 1 on Quantum Maestro Orchestrator)[Security Group]

[Management Server](some interface) <===> (interface 1) [Log Server] (interface 2) <===> (management port 2 on Quantum Maestro Orchestrator)[Security Group]

Procedure:

Step 1

Install a dedicated Log Server:

  1. Install a dedicated Log Server with two physical interfaces.

    See the applicable Installation and Upgrade Guide > Chapter Installing a Dedicated Log Server or SmartEvent Server.

  2. Connect one physical interface on the dedicated Log Server to the Management Server.

  3. Connect another physical interface on the dedicated Log Server directly to an available management port on the Quantum Maestro Orchestrator.

    Important - Do not use the same Quantum Maestro Orchestrator port that connects to the Management Server.

  4. In SmartConsole, create the required object that represents the dedicated Log Server.

    See the applicable Installation and Upgrade Guide > Chapter Installing a Dedicated Log Server or SmartEvent Server.

Step 2

On the Quantum Maestro Orchestrator, assign the dedicated port of type management to a Security Group and apply the changes.

Step 3

In the Gaia OS of the Security Group, configure the dedicated management port in Gaia gClish.

Syntax:

[Expert@MyChassis-ch0x-0x:0]# gclish

[Global] MyChassis-ch01-01> set interface ethX-MgmtY ipv4-address <IPv4 Address> mask-length <Mask Length>

Example:

[Global] MyChassis-ch01-01 > set interface eth1-Mgmt2 ipv4-address 2.2.2.10 mask-length 24

Note - You must assign an IPv4 address from the same subnet as the one assigned to the dedicated interface on the Log Server that connects to the Quantum Maestro Orchestrator.

Step 4

In SmartConsole, configure the Security Group object to send its logs to the dedicated Log Server.

See the applicable Logging and Monitoring Administration Guide > Chapter Getting Started > Section Deploying Logging > Subsection Configuring the Security Gateways for Logging.

Note - The SMO makes sure that return traffic from the Log Server reaches the correct Security Group Member in the Security Group.
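A pre-change check for the gClish command in step 3, as an added example that is not part of the original guide: it parses a planned `set interface` line and verifies the subnet requirement from the Note in step 3 and the port-separation requirement from the Important note in step 1. The function name, the Log Server address 2.2.2.20 and the port name eth1-Mgmt1 are constructed for illustration, and the check assumes the Log Server interface uses the same mask length.

```python
import ipaddress
import re

# Matches the gClish syntax shown in step 3 (a shell prompt may precede it).
CMD_RE = re.compile(
    r"set interface (?P<ifname>eth\d+-Mgmt\d+) "
    r"ipv4-address (?P<addr>\S+) mask-length (?P<mask>\d+)\s*$"
)

def check_logging_port(command, log_server_ip, mgmt_server_port):
    """Return a list of problems found in a planned 'set interface' command.

    log_server_ip    -- address of the Log Server interface that connects
                        to the Orchestrator (assumed input)
    mgmt_server_port -- Orchestrator management port already used for the
                        Management Server, e.g. 'eth1-Mgmt1' (assumed input)
    """
    m = CMD_RE.search(command)
    if not m:
        return ["command does not match the 'set interface' syntax"]
    problems = []
    # Important note in step 1: logging must not share the management port.
    if m["ifname"].lower() == mgmt_server_port.lower():
        problems.append("port is the one that connects to the Management Server")
    try:
        iface = ipaddress.IPv4Interface(f"{m['addr']}/{m['mask']}")
        log_ip = ipaddress.IPv4Address(log_server_ip)
    except ValueError as exc:
        return problems + [f"invalid IPv4 value: {exc}"]
    net = iface.network
    # Note in step 3: both ends of the link must sit in the same subnet.
    if log_ip not in net:
        problems.append(f"Log Server {log_ip} is outside {net}")
    if iface.ip == log_ip:
        problems.append("address duplicates the Log Server address")
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{iface.ip} is the network or broadcast address of {net}")
    return problems

# The example command from step 3; the other two values are constructed.
EXAMPLE = ("[Global] MyChassis-ch01-01 > set interface eth1-Mgmt2 "
           "ipv4-address 2.2.2.10 mask-length 24")

if __name__ == "__main__":
    print(check_logging_port(EXAMPLE, "2.2.2.20", "eth1-Mgmt1") or "no problems found")
```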