topic Re: IDC events not coming on Firewall in Firewall and Security Management

IDC events not coming on Firewall

ajsingh — Thu, 20 Feb 2025 16:17:46 GMT

Hi All,

I recently installed IDC on a separate Window server and configured it as per the Guide.

I have connected to 6 of my DC's and its receiving events fine. Then i connected one Firewall which is in the same virtual Network and it is receiving all the events and i see users and Machine identities in my firewall.

FW (identity source)----->Identity collector

Now I have added another firewall and it is connected and IDC shows connected and Events are being sent . On firewall, I dont see any user/Machine identities getting updated .

Firewall (Identity source)----->VPN site to site----->Identity collector

Is there something else I have to do for Events to go over VPN tunnel to my Firewalls that is trying to get identities from IDC ? Because if its is not over VPN tunnel , its working fine.

Both Firewalls are R81.20 and have same configuration and IDC shows both connected and events are being sent and I do see numbers increase in IDC.

Re: IDC events not coming on Firewall

the_rock — Thu, 20 Feb 2025 17:52:54 GMT

Maybe a silly question, but did you make sure windows fw is off on that machine?

Andy

Re: IDC events not coming on Firewall

ajsingh — Thu, 20 Feb 2025 18:15:36 GMT

Hi,

Yes it is off, since one firewall is working fine.

Re: IDC events not coming on Firewall

the_rock — Thu, 20 Feb 2025 18:27:07 GMT

K, I see what you meant in your post. So, the one that fails, the difference is it goes over vpn tunnel. Can you do capture and make sire IC ip is not getting dropped? Run fw monitor and then in other ssh window run zdebug

So say IC ip is 10.10.10.10, do something like this:

ssh 1 -> fw monitor -e "accept host(10.10.10.10);"

ssh 2 -> fw ctl zdebug + drop | grep 10.10.10.10

Re: IDC events not coming on Firewall

ajsingh — Thu, 20 Feb 2025 18:35:23 GMT

Hi,

I just confirmed that traffic indeed is coming at port 443 and there is no drop in the traffic. I do see vpn logs too and nothing looks out of place. All connectivity looks fine 😞

Re: IDC events not coming on Firewall

the_rock — Thu, 20 Feb 2025 18:40:19 GMT

I would try restart IC machine to see if it makes any difference. Maybe also run pdp update all on the problematic gateway.

Andy

Re: IDC events not coming on Firewall

ajsingh — Thu, 20 Feb 2025 18:53:48 GMT

output from my problematic firewall :

Re: IDC events not coming on Firewall

the_rock — Thu, 20 Feb 2025 19:27:17 GMT

That 100% looks right to me. I would open TAC case about it to see what they say.

Andy

Re: IDC events not coming on Firewall

the_rock — Fri, 21 Feb 2025 00:10:35 GMT

One thing I would do is maybe try do IA debugs on the fw and see what gives.

commands are pep debug on and pdp debug on (off to turn off). Once done, check $FWDIR/dir log for pep and pdp log files.

Hope that helps.

Andy

Re: IDC events not coming on Firewall

ajsingh — Fri, 21 Feb 2025 17:30:26 GMT

Thank you all for your replies. am heading for my vacation for next week. I will open tac case now once am back 🙂

Re: IDC events not coming on Firewall

the_rock — Fri, 21 Feb 2025 17:46:38 GMT

Have a nice vacation!

Andy