cisco mars - checkpoint

From: Marcin Zgola <MZgola_at_netrixllc.com>
Date: Tue, 12 Oct 2010 20:33:59 +0000

I got the checkpoint configuration done so it works with MARS.

I do not see any logs coming in from checkpoint; I do have a configuration established.

These are the only logs I got so far...

E:2794154,
S:2794154 CheckPoint Audit Log: Successfully logged in/out Oct 12, 2010 3:01:02 PM CDT CheckPoint eventType:Log In, time=12Oct2010 15:01:07(1286913667) action=accept product=SmartView Tracker Operation=Log In Administrator=admin Machine=don-minate Subject=Administrator Login Additional Info=Authentication method: Password based application token Operation Number=10 N/A False Positive Tuning
E:2793576,
S:2793576,
I:2819089 CheckPoint Audit Log: Install Policy Oct 12, 2010 3:00:48 PM CDT CheckPoint eventType:Install Policy, time=12Oct2010 15:00:52(1286913652) action=accept product=SmartDashboard ObjectName=don-minate ObjectType=firewall_application ObjectTable=applications Operation=Install Policy Uid={BD80D8CE-6CF6-49B4-A666-737F3CDDE53C} Administrator=admin Machine=don-minate Subject=Policy Installation Audit Status=Success Additional Info=Security Policy : Standard Operation Number=7 N/A False Positive Tuning
E:2791894,
S:2791894 CheckPoint Audit Log: Successfully logged in/out Oct 12, 2010 2:59:33 PM CDT CheckPoint eventType:Log Out, time=12Oct2010 14:59:38(1286913578) action=accept product=CPMI Client Operation=Log Out Administrator=r-Mars Machine=S01-MARS-01 Subject=Administrator Login Operation Number=12 N/A False Positive Tuning
E:2791737,
S:2791737 CheckPoint Audit Log: Successfully logged in/out Oct 12, 2010 2:59:25 PM CDT CheckPoint eventType:Log In, time=12Oct2010 14:59:30(1286913570) action=accept product=CPMI Client Operation=Log In Administrator=r-Mars Machine=S01-MARS-01 Subject=Administrator Login Additional Info=Authentication method: Internal Password Operation Number=10

Also, my connection works:
[pnadmin]$ tcpdump port 18184
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:30:30.042065 IP fw.company.com.18184 > S01-MARS-01.38097: . 3789059731:3789061179(1448) ack 957354641 win 65535 <nop,nop,timestamp 16158120 20134560>
15:30:30.043639 IP S01-MARS-01.38097 > fw.company.com.18184: . ack 1448 win 126 <nop,nop,timestamp 20135564 16158120>
15:30:30.042534 IP fw.company.com.18184 > S01-MARS-01.38097: . 1448:2896(1448) ack 1 win 65535 <nop,nop,timestamp 16158120 20134560>
15:30:30.042550 IP S01-MARS-01.38097 > fw.company.com.18184: . ack 2896 win 126 <nop,nop,timestamp 20135564 16158120>
15:30:30.042557 IP fw.company.com.18184 > S01-MARS-01.38097: . 2896:4344(1448) ack 1 win 65535 <nop,nop,timestamp 16158120 20134560>

tcp 0 0 10.10.0.53:38097 10.10.50.4:18184 ESTABLISHED
tcp 0 0 10.10.0.53:38098 10.10.50.4:18184 ESTABLISHED

Question: has anyone ever set up MARS with Checkpoint? It looks like Checkpoint runs on a Windows box.

I do not have access to it, I am working with the guy that has no clue as well, and still won't give me access.

I need logs for NAT translations, build up sessions, denied connections, etc.

Please help!!!!!
Thanks

Received on Tue Oct 12 2010 - 20:33:59 ART
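
A small parser for the audit records quoted in the message above, added here as an example and not part of the original post: it splits each record into fields and tallies events by `product` and `Operation`, which shows what kinds of records MARS is actually receiving. The key list and the sample lines (trimmed to start at `time=` and to drop the trailing MARS columns) are taken from the post's own log lines; the function names are made up for this example.

```python
import re
from collections import Counter

# Field names seen in the audit records quoted in the post. Keys and values
# can both contain spaces, so splitting on whitespace is not enough. This list
# comes from those samples and is an assumption, not a Check Point schema.
KEYS = ["time", "action", "product", "ObjectName", "ObjectType", "ObjectTable",
        "Operation Number", "Operation", "Uid", "Administrator", "Machine",
        "Subject", "Audit Status", "Additional Info"]
KEY_RE = re.compile(r"(?:^|(?<=[\s,]))(" + "|".join(map(re.escape, KEYS)) + r")=")

def parse_record(raw):
    """Return {key: value}; each value runs up to the next known 'key='."""
    matches = list(KEY_RE.finditer(raw))
    fields = {}
    for m, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(raw)
        fields[m.group(1)] = raw[m.end():end].strip()
    return fields

def summarize(records):
    """Count records per (product, Operation) pair."""
    parsed = (parse_record(r) for r in records)
    return Counter((f.get("product", "?"), f.get("Operation", "?")) for f in parsed)

# Records copied from the post, trimmed as described above.
SAMPLES = [
    "time=12Oct2010 15:01:07(1286913667) action=accept product=SmartView Tracker "
    "Operation=Log In Administrator=admin Machine=don-minate "
    "Subject=Administrator Login Additional Info=Authentication method: "
    "Password based application token Operation Number=10",
    "time=12Oct2010 15:00:52(1286913652) action=accept product=SmartDashboard "
    "ObjectName=don-minate ObjectType=firewall_application ObjectTable=applications "
    "Operation=Install Policy Uid={BD80D8CE-6CF6-49B4-A666-737F3CDDE53C} "
    "Administrator=admin Machine=don-minate Subject=Policy Installation "
    "Audit Status=Success Additional Info=Security Policy : Standard "
    "Operation Number=7",
    "time=12Oct2010 14:59:38(1286913578) action=accept product=CPMI Client "
    "Operation=Log Out Administrator=r-Mars Machine=S01-MARS-01 "
    "Subject=Administrator Login Operation Number=12",
]

if __name__ == "__main__":
    for (product, operation), count in summarize(SAMPLES).items():
        print(f"{count:3d}  {product:20s} {operation}")
```
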
