topic Re: CRL Traffic Not Appearing in the Logs in General Topics

CRL Traffic Not Appearing in the Logs

peter7 — Tue, 08 Apr 2025 17:59:40 GMT

Recently one of the 3rd parties we connect to moved their services to AWS and as a result we identified an issue connecting to their site. We checked the logs and could see the allowed https traffic going to AWS, however we were unable to see any other dropped traffic to AWS. From further investigation we were able to identify that the traffic to connect for the CRL check on port 80 could be seen from a packet capture taken from the firewall, however this was was not showing in the logs despite no rules to allow access e.g., we were expecting to see this as dropped in the logs. After updating the policy to allow this traffic it is now showing in the logs as allowed.

We are currently running R81.10 on a VSX platform.

Has anyone else come across this situation whereby crl traffic is not showing as being dropped in the firewall logs but does appear in a packet capture?

Re: CRL Traffic Not Appearing in the Logs

the_rock — Wed, 09 Apr 2025 00:08:42 GMT

Do you see anything on port 18264? That should be relevant to CRL.

Andy

Re: CRL Traffic Not Appearing in the Logs

PhoneBoy — Wed, 09 Apr 2025 13:16:37 GMT

I assume the CRL traffic would normally be permitted through implied rules which don’t log by default.
Why it’s not logging when it drops is a separate question.

Re: CRL Traffic Not Appearing in the Logs

Lesley — Mon, 14 Apr 2025 19:27:57 GMT

CRL check is not on port 80 also CRL check is not 'needed / required' for 3rd party VPN's. Most of the time there are PSK based.