What Reinhard is referring to is the "dummy-object" approach where you define the secondary mgmt object with static-IP of your management server.
   
However, if I am not mistaken, starting with R55 and higher, in the management server object itself, you have a check box where you can specify that your management is behind your local firewall so that it knows what to do. There is still a limitation to this though.
   
The best idea, in my opinion, is to give your management a public IP address and route this IP through your local firewall. That way, you will not have any problems, because Check Point uses SIC and certificates, and when NAT is involved, there can be problems. From a technical point of view, there is no difference between static NAT and public IP because the whole world knows your public IP anyway. What matters is what you do on the security policy of the local firewall to protect your management server Windows 2003.
   
FYI, I ran into this problem all the time, especially when the management server is sitting behind a Cisco Pix firewall. The solution is to either go with what Reinhard described above (keep in mind that there are limitations with what you can do with this approach due to SIC and certificate), or assign a public IP to your management server. I usually go with the latter approach if I know that I have a very strong security policy on the Cisco Pix (in your case, your local Check Point firewall).
   
  my 2 cents.
   
  cisco4ng

Reinhard Stich <[EMAIL PROTECTED]> wrote:
  hi,

the best idea for that is to define a secondary mgmt object with static-NAT IP of your mgmt-server.

then define this object as log-server and mgmt-server for your remote gateway.

cheers
reinhard

At 12:52 27.01.2006, you wrote:
>Hi,
>
>I have a central management server and two firewalls, one on the same LAN
>as the management server and one remote.
>I get logs for the local firewall but not for the remote.
>
>I have a rule for this FW to Management server allow FW1_log
>I can get the log through remote file management.
>
>The firewalls are Nokia with 3.8.1-BUILD029 and CPfw1-R55p
>The management server is a Windows 2003
>
>The setup for the local and remote firewall are the same.
>At Logs and Masters:
> Schedule log switch at Midnight
>
>Additional logging
> Forward logs to Management server
> Schedule at Midnight
>
>Masters
> Define Masters -> Management server
>
>Log Servers
> Define Log servers -> Management Server
>
>What must I do to get this working?
>
>TIA
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================

-- 
Reinhard Stich ASSIST [EMAIL PROTECTED]
Internet Security AG, 1150 Wien, Johnstrasse 29
Tel: +43 1 3709440 RS784-RIPE Fax: +43 1 3709440-333 
