Firewall Log monitoring

[yogi_ccse]

Hi,

I am monitoring FW logs from last few weeks based on following :-
1. Packet drops: Reason for their drop, Rule (clean up, stealht rule or any other rule) & chekc with the concerned for their reason to reduce noise.
2. Port scanning attempt on FW
3. Address spoofing messages if any.
4. Smartdefense entries (thoughw e have not configured it fully)
5. Firewall Changes done in a months time and they are complaint or not.i.e Firewall change request was raised or not.
6. Admin/other user login success/failure

but How can we ehance FW log monitoring, we've configured fwlogsum.
but how to detect port scanning in logging (I've enabled in smartdefense), and other malicious traffic details, like virus etc.

Any suggesions are welcomed.
thx
Yogi

[chillyjim]

Eventia suite? Check point's own analyzer and reporter will do everything you are asking for and more.

[chandruenn]

Hi,

I am very new to cpfw.

But, i am installing the cpfw on SPLAT with HA. Meanwhile, the rules setup has been done. I am facing some problems on sending & receiving the mails.

The topology is like, router, firewall R62.

At the same time i am in the stage to install the checkpoint vpn.

So, can anyone pls help me out on the same.

thanks in advance.

chandru.

[yogi_ccse]

Hi,
whats ut topology,
What rules have u configured.
have u configured NAtting?
do u ve ACL's on perimter router.

VPN bet two CP or CP & Cisco VPN etc.

revert.
YT

[yogi_ccse]

Hi,
thx but eventia is a priced product.
any free tool?

Thx
YT