SCP logs from CheckPoint firewall

Article ID: 184580

Products

CASB Audit CASB Gateway Advanced

Issue/Introduction

A data source is configured in Audit to receive logs directly from a CheckPoint firewall via SCP, but the transfer fails with an encryption error:

no matching mac found: client hmac-md5,hmac-sha1,hmac-ripemd160,[email protected],hmac-sha1-96,hmac-md5-96 server hmac-sha2-256,hmac-sha2-512

Cause

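CloudSOC only supports secure algorithms (SHA-2) for the SSH message authentication code (MAC). As the error shows, the firewall's SCP client offers only MD5, SHA-1 and RIPEMD-160 based MACs, while the server accepts only hmac-sha2-256 and hmac-sha2-512, so the two sides share no algorithm and the SSH negotiation fails.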
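The failure can be checked mechanically from the log line. The following is an added example, not code from the original article or from CloudSOC: it parses a line in the format shown on this page and applies the SSH negotiation rule that the first MAC on the client's list that the server also accepts is chosen. The sample line is constructed from the error above, and the function names are hypothetical.

```python
import re

# Format of the error shown on this page:
#   no matching mac found: client <comma list> server <comma list>
MAC_FAILURE_RE = re.compile(
    r"no matching mac found: client (?P<client>\S+) server (?P<server>\S+)"
)

# Constructed sample line, modelled on the error in this article.
SAMPLE_LINE = (
    "no matching mac found: client "
    "hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 "
    "server hmac-sha2-256,hmac-sha2-512"
)

def parse_mac_failure(line):
    """Return (client_macs, server_macs), or None if the line is not this error."""
    m = MAC_FAILURE_RE.search(line)
    if m is None:
        return None
    return m.group("client").split(","), m.group("server").split(",")

def negotiate_mac(client_macs, server_macs):
    """SSH picks the first algorithm on the client's list that the server also lists."""
    for mac in client_macs:
        if mac in server_macs:
            return mac
    return None

def explain(line):
    """Summarise why negotiation failed and which client MACs are not SHA-2."""
    parsed = parse_mac_failure(line)
    if parsed is None:
        return None
    client, server = parsed
    sha2 = [m for m in client if m.startswith("hmac-sha2-")]
    return {
        "negotiated": negotiate_mac(client, server),
        "client_sha2": sha2,
        "client_legacy": [m for m in client if m not in sha2],
        "server": server,
    }

if __name__ == "__main__":
    print(explain(SAMPLE_LINE))
```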

Environment

CheckPoint R80.10

Resolution

Send logs to SpanVA within your network using FTP and set up a SpanVA data source.