Monday, May 14, 2018

Forcepoint NGFW log forwarding

Log forwarding from the Forcepoint LogServer or MgtServer is simple and supports a few options.

With regard to filters, this is the same approach as in PAN-OS, where you define the filter criteria for sending specific flows to the remote collector. In my first case, ATL_SERVER has a filter type defined.

Now for the bad: the LogServer is a centralized device, so conceptually the logs are generated at the NGFW engines and carried back to the LogServer.

The LogServer then regenerates the logs to be dumped as, for example, NetFlow or syslog. This can be a concern if you have numerous NGFW engines dispersed globally and the LogServer is not local to the NGFW engine.

If connectivity between an engine and the LogServer is lost, the forwarded flow could be delayed until path recovery has taken place.
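That delay is worth measuring on the collector side rather than discovering it during an incident. The following is an added example, not code from the original post and not Forcepoint's own forwarding format: it assumes a generic layout where the collector stamps each line with a receipt time and the engine's own event time is carried in the record, then measures per-engine lag and flags a backlog being flushed after path recovery.

```python
"""Detect delayed or backlogged log delivery from NGFW engines via a central LogServer.

Assumed record layout (constructed for this example; not Forcepoint's actual format):
  <received_at ISO8601> <engine_name> <event_time ISO8601> <message>
received_at is stamped by the collector on arrival; event_time comes from the engine.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample lines: atl-fw-1 streams normally, while sgp-fw-2 loses its path to
# the LogServer and its queued events arrive in a burst once the path recovers.
SAMPLE_LINES = [
    "2018-05-14T10:00:05Z atl-fw-1 2018-05-14T10:00:03Z conn allow src=10.1.1.5",
    "2018-05-14T10:00:07Z atl-fw-1 2018-05-14T10:00:06Z conn allow src=10.1.1.9",
    "2018-05-14T10:09:30Z sgp-fw-2 2018-05-14T10:00:10Z conn deny src=10.2.2.8",
    "2018-05-14T10:09:30Z sgp-fw-2 2018-05-14T10:01:42Z conn allow src=10.2.2.3",
    "2018-05-14T10:09:31Z sgp-fw-2 2018-05-14T10:09:29Z conn allow src=10.2.2.4",
]
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse_line(line):
    """Split one record into (engine, received_at, event_time, message)."""
    received, engine, event, msg = line.split(" ", 3)
    return engine, datetime.strptime(received, TS_FMT), datetime.strptime(event, TS_FMT), msg

def forwarding_lag(lines):
    """Return {engine: worst lag in seconds between event time and receipt at the collector}."""
    worst = defaultdict(float)
    for line in lines:
        engine, received, event, _ = parse_line(line)
        worst[engine] = max(worst[engine], (received - event).total_seconds())
    return dict(worst)

def delayed_engines(lines, threshold_seconds=60):
    """Engines whose worst-case delivery lag exceeds the threshold (lost path or slow WAN)."""
    return sorted(e for e, lag in forwarding_lag(lines).items() if lag > threshold_seconds)

def backlog_bursts(lines, min_events=2, lag_seconds=60):
    """Engines that delivered several stale events in the same second: the signature of a
    queue being flushed after path recovery rather than of live streaming."""
    per_second = defaultdict(int)
    for line in lines:
        engine, received, event, _ = parse_line(line)
        if (received - event).total_seconds() > lag_seconds:
            per_second[(engine, received)] += 1
    return sorted({e for (e, _), n in per_second.items() if n >= min_events})

if __name__ == "__main__":
    print(forwarding_lag(SAMPLE_LINES))   # atl-fw-1 ~2s, sgp-fw-2 560s
    print(delayed_engines(SAMPLE_LINES))  # ['sgp-fw-2']
    print(backlog_bursts(SAMPLE_LINES))   # ['sgp-fw-2']
```

Run against the collector's real stream, the threshold should reflect the expected WAN latency to each site, and a burst of stale events after a gap is the condition the post warns about.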

