Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

checkpoint rule changes using csmars

is it possible to see what rule changes were done on a checkpoint ngx firewall using csmars.

e.g. what rule was changed, added, deleted

Thanks

4 REPLIES
New Member

Re: checkpoint rule changes using csmars

I am afraid that your question is confusing. MARS is not supposed to change the rules on any particular firewall weather its checkpoint, netscreen, pix or ASA. All you can do or find is, what rule was triggered on MARS based on a syslog message from that particular device.

MARS is sort of a passive device (until configured it for automatic mitigation, which by far till now is useless :( ) which collects the messages from all the devices in the network in the form of syslogs, correlates all the events to form sessions and presents them for rule inspection. If any of the session triggers a default of user made rules, it generate an incident.

Do let me know if i got your question wrong, otherwise plz rate if its helpful.

regards,

Mohsin

New Member

Re: checkpoint rule changes using csmars

Hi,

Thanks for the response. may be my question was confusing

if you have worked on checkpoint, where you have policy rules and you push the policy.

csmars collects all logs , what i wanted to know is whether it can also track what within the checkpoint has changed.

hope this time my question is fine

New Member

Re: checkpoint rule changes using csmars

Hi,

I am sure that LEA is used for the standard (traffic) logs, while what you're looking for is what CheckPoint calls the AUDIT logs.

I've used LEA successfully for importing standard logs, but haven't tried this yet. I think you must configure the CPMI parameters on the Checkpoint side to get this information.

Regards, Joe

New Member

Re: checkpoint rule changes using csmars

The answer is no)

161
Views
0
Helpful
4
Replies
CreatePlease login to create content