Hello Ramesh,

I am back in the office. Yes, you should be able to forward logs from multiple firewalls to a single CLM. Here are the steps you should perform to set up this configuration. I'm sure you have performed some of these because you are able to log from the COMSAT FW. The configuration for the customer FW should use the same steps.

- Define the CLM
- Establish SIC communication from the CMA to the CLM
- Define the firewall object on your CMA
- Select the Logs and Masters option
- Select the Masters option and include the CMA as a master
- Select the Log Servers option and include the CLM as a log server
- Establish SIC communication from the CMA to the firewall
- Install a policy on the firewall that allows log traffic from the Firewall to the CLM
- Install the user database on the CLM (this must occur every time you define a new firewall)

On the firewall, the $FWDIR/conf/masters file should look something like this:

    [Policy]
    CMA-Perimeter
    [Log]
    CLM-Perimeter
    [Alert]
    CLM-Perimeter

Do you see connection requests to port 257 leave the firewall? TCPDUMP on the FW will show this if the policy is allowing the traffic and you can verify the source and destination addresses. The log traffic will be sourced from the licensed interface address. Does the CLM network have routing to the licensed interface network? If this traffic is leaving the FW, is it reaching the CLM? Let me know what you find.

Thanks,
Andy Latimer
Lockheed Martin C&NS
Office: (407) 306-4678
E-Mail: andy.latimer@xxxxxxxx

-----Original Message-----
From: Ramesh.Gaikwad@xxxxxxxxxxxxx [mailto:Ramesh.Gaikwad@xxxxxxxxxxxxx]
Sent: Monday, July 01, 2002 7:20 AM
To: Latimer@xxxxxxxxxxxxxxxx; Andy
Cc: ob.jacob@xxxxxxxxxxxxx; atul.dalal@xxxxxxxxxxxxx
Subject: Re:RE: Customer Log Module Configuration in NG FP1

Dear Andy,

Thanks for your reply. I am able to establish the SIC between my customer log module and the CMA of my firewall (comsat max firewall). Regarding the suggestion in your mail, I am able to install the user database in the CLM object only after establishing SIC with the CLM. The CLM object with which SIC is established is created with a valid IP address. I am also able to forward the comsatmax firewall log to my customer log module. But the same thing I am not able to repeat for my customer's firewall. The CLM is in the network of one of the interfaces of my firewall. There are a few questions in my mind.

1. SIC is already created between the CLM and the CMA of the comsatmax firewall. Whether a CLM is able to establish SIC with multiple CMAs?
2. If yes, then how many Management servers or CMAs can establish SIC with one CLM?
3. What is the procedure to establish the SIC between one CLM and multiple CMAs?
4. Is there any configuration required to be done at the CLM side or at the CMA side (i.e. provider-1)?

Bottom line: How to forward logs of the multiple firewalls to one CLM in NG FP1??

Thanks and Regards,
Ramesh

____________________Reply Separator____________________
Subject: RE: Customer Log Module Configuration in NG FP1
Author: "Latimer, Andy" <andy.latimer@xxxxxxxx>
Date: 6/21/02 9:11 PM

You are very welcome. I enjoyed working with you and all the other international sites and have no problem providing assistance when possible in the future. As far as your CLM problem, this sounds like a problem we encountered when we were testing the NG MLM component.

NG components all talk to each other using SIC communication and require knowledge of the SIC name of all components they talk to. This name is located in the objects.C file and this file must be pushed from the management station to the log server. I believe what you must do is select the "policy" option from the policy editor window and then select "install users database". This should provide a list of objects that are defined with Check Point products. Select the CLM and run the install. I believe this will allow SIC communication and enable logging. It took us a while to figure out how this works. Let me know if this works.

Thanks,
Andy Latimer
Lockheed Martin C&NS
Office: (407) 306-4678
E-Mail: andy.latimer@xxxxxxxx

-----Original Message-----
From: Ramesh.Gaikwad@xxxxxxxxxxxxx [mailto:Ramesh.Gaikwad@xxxxxxxxxxxxx]
Sent: Friday, June 21, 2002 10:46 AM
To: andy.latimer@xxxxxxxx
Cc: ob.jacob@xxxxxxxxxxxxx
Subject: Customer Log Module Configuration in NG FP1

Dear Andy,

This is Ramesh from comsat Max India. We have upgraded our own firewall and our customer's firewall to version NG FP1 and we have also moved provider-1 Brazil. I would like to thank you for your extended support during when we were with Provider-1 at Orlando.

After upgrading our firewall to version NG FP1, we also upgraded our Customer Log Module to the same version. The CLM is in our premises. But after upgrading the CLM, the firewall is unable to forward logs to the CLM. It is forwarding logs only to the CMA. We have done the appropriate configuration in the firewall object. But still it is not forwarding logs to the CLM. If you know the procedure to forward logs onto the CLM, please let me know. In version 4.1 we were able to forward logs to the CLM. But it is not happening in the case of the NG version.

Thanks and Regards,
Ramesh
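
Added example, not part of the original e-mail thread: a shell check for the two things the July reply asks about, the [Log] and [Alert] entries in $FWDIR/conf/masters and log connections to port 257. It assumes the masters layout shown in that message (a section header followed by one host name per line); the function names, sample file and tcpdump placeholders are illustrative.

```shell
#!/bin/sh
# Added example, not Check Point code. Assumed masters layout (as shown in the
# message): a "[Section]" header followed by one host name per line.

# Print the hosts listed under SECTION.  usage: masters_section FILE SECTION
masters_section() {
    awk -v want="[$2]" '
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # tolerate CRLF, padding
        /^\[.*\]$/ { in_sec = ($0 == want); next }        # section header line
        in_sec && NF { print }                              # host entry
    ' "$1"
}

# Succeed only if HOST is listed under SECTION.
# usage: masters_has FILE SECTION HOST
masters_has() {
    masters_section "$1" "$2" | grep -Fxq -- "$3"
}

# Report whether [Log] and [Alert] both name the expected CLM.
# usage: check_masters FILE CLM_NAME   (returns 1 if either is missing)
check_masters() {
    rc=0
    for sec in Log Alert; do
        if masters_has "$1" "$sec" "$2"; then
            echo "OK: [$sec] lists $2"
        else
            found=$(masters_section "$1" "$sec" | tr '\n' ' ')
            echo "MISSING: [$sec] does not list $2 (found: ${found:-nothing})"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the file from the message with a wrong [Alert] entry.
sample=$(mktemp)
printf '%s\n' '[Policy]' CMA-Perimeter '[Log]' CLM-Perimeter \
              '[Alert]' CMA-Perimeter > "$sample"
check_masters "$sample" CLM-Perimeter || echo "masters file needs correcting"
rm -f "$sample"

# On the firewall itself, watch for log connections leaving for the CLM
# (interface and CLM address are placeholders):
#   tcpdump -n -i <interface> tcp port 257 and dst host <clm-address>
```

On a real firewall, point check_masters at "$FWDIR/conf/masters" with the CLM's object name; if the file is correct and tcpdump shows no SYNs to port 257, the policy and routing questions from the message are the next things to check.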