V 2.0 : FG VPN-1 & Firewall-1 Events
Vendor Documentation
Classification
| Rule Name | Rule Type | Common Event | Classification |
|---|---|---|---|
| V 2.0 : FG VPN-1 & Firewall-1 Events | Base Rule | General Network Traffic | Network Traffic |
| V 2.0 : Firewall Message Dropped | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : Firewall Message Rejected | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : Firewall Message Accepted | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
| V 2.0 : Firewall Message Blocked | Sub Rule | Traffic Denied by Network Firewall | Network Deny |
| V 2.0 : Firewall Message Allowed | Sub Rule | Traffic Allowed by Network Firewall | Network Allow |
Mapping with LogRhythm Schema
| Device Key in Log Message | LogRhythm Schema | Data Type | Schema Description |
|---|---|---|---|
| virtuallogsource | N/A | N/A | N/A |
| subproduct | N/A | N/A | N/A |
| Product | <vmid> | Text/String | Product name |
| Originip | N/A | N/A | IP of the log origin |
| origin | N/A | N/A | Name of the first Security Gateway that reported this event |
| Action | <action> | Text/String | N/A |
| SIP | <sip> | IP Address | Source IP |
| SPort | <sport> | Number | Source host port number |
| DIP | <dip> | IP Address | Destination IP |
| dport | <dport> | Number | Destination host port number |
| protocol | <protnum> | Number | Protocol detected on the connection |
| ifname | <sinterface> | Text/String | The name of the Security Gateway interface through which a connection traverses |
| ifdirection | N/A | N/A | N/A |
| Reason | <reason> | Text/String | Information on the error occurred |
| Rule | N/A | N/A | N/A |
| Info | N/A | N/A | N/A |
| XlateSIP | <snatip> | IP Address | N/A |
| XlateSport | <snatport> | Number | N/A |
| XlateDIP | <dnatip> | IP Address | N/A |
| XlateDPort | <dnatport> | Number | N/A |
| User | N/A | N/A | Source user name |
| alert | N/A | N/A | N/A |
| icmp-code | N/A | N/A | N/A |
| icmp-type | N/A | N/A | N/A |
| matched_category | N/A | N/A | N/A |
| rule_name | <command> | Text/String | Access rule name |
| Url | N/A | N/A | N/A |
| src_machine_name | <sname> | Text/String | Machine name of the source |
| dst_machine_name | <dname> | Text/String | Machine name of the target |
| src_user_name | <login> | Text/String | User name of the source |
| dst_user_name | <account> | Text/String | User name of the target |
| Query_snid | N/A | N/A | N/A |
| OriginZone | N/A | N/A | Indicates whether the source zone is internal or external |
| ImpactedZone | N/A | N/A | Indicates whether the destination zone is internal or external |
| Service | N/A | N/A | Connection destination int/service int |
| conn_direction | N/A | N/A | Determines the direction of the connection |
| contextnum | N/A | N/A | N/A |
| flags | N/A | N/A | Checkpoint internal field |
| logid | N/A | N/A | N/A |
| loguid | N/A | N/A | UUID of unified logs |
| originsicname | N/A | N/A | Machine SIC |
| sequencenum | N/A | N/A | Number added to order logs with the same Linux timestamp and origin |
| version | N/A | N/A | Software/hardware version |
| __nsons | N/A | N/A | N/A |
| __p_dport | N/A | N/A | N/A |
| __policy_id_tag | <policy> | Text/String | Checkpoint internal field |
| __pos | N/A | N/A | N/A |
| bytes | N/A | N/A | N/A |
| client_inbound_bytes | <bytesout> | Number | Number of bytes received during connection |
| client_inbound_interface | N/A | N/A | N/A |
| client_inbound_packets | <packetsout> | Number | Number of packets received during connection |
| client_outbound_bytes | <bytesin> | Number | Number of bytes sent during connection |
| client_outbound_interface | N/A | N/A | N/A |
| client_outbound_packets | <packetsin> | Number | Number of packets sent during connection |
| context_num | N/A | N/A | N/A |
| dst_user_dn | N/A | N/A | N/A |
| elapsed | N/A | N/A | N/A |
| fg-1_client_in_rule_name | N/A | N/A | N/A |
| fg-1_client_out_rule_name | N/A | N/A | N/A |
| fg-1_server_in_rule_name | N/A | N/A | N/A |
| fg-1_server_out_rule_name | N/A | N/A | N/A |
| hll_key | N/A | N/A | N/A |
| lastupdatetime | N/A | N/A | N/A |
| layer_name | N/A | N/A | N/A |
| layer_uuid | N/A | N/A | N/A |
| match_id | N/A | N/A | N/A |
| parent_rule | N/A | N/A | N/A |
| rule_action | N/A | N/A | N/A |
| rule_uid | N/A | N/A | Access policy rule ID on which the connection was matched |
| nat_addtnl_rulenum | N/A | N/A | N/A |
| nat_rulenum | N/A | N/A | N/A |
| packets | N/A | N/A | N/A |
| segment_time | N/A | N/A | N/A |
| server_inbound_bytes | N/A | N/A | N/A |
| server_inbound_interface | N/A | N/A | N/A |
| server_inbound_packets | N/A | N/A | N/A |
| server_outbound_bytes | N/A | N/A | N/A |
| server_outbound_interface | N/A | N/A | N/A |
| server_outbound_packets | N/A | N/A | N/A |
| sig_id | N/A | N/A | N/A |
| src_user_dn | N/A | N/A | N/A |
| start_time | N/A | N/A | Action start time of the connection |
| https_inspection_action | N/A | N/A | N/A |
| vpn_feature_name | N/A | N/A | N/A |
| community | N/A | N/A | N/A |
| encryption_failure: | N/A | N/A | N/A |
| methods: | N/A | N/A | N/A |
| partner | N/A | N/A | N/A |
| peer_gateway | N/A | N/A | N/A |
| scheme: | N/A | N/A | N/A |