topic Re: Spark does not log NATed traffic in Spark Firewall (SMB)

Spark does not log NATed traffic

Martin_Sykora — Wed, 16 Jul 2025 13:20:49 GMT

Hi.

On a 1595 cluster I have a manual NAT rule created that forwards Incoming traffic from the Internet that uses a custom port to a an internal IP address running a web service. I have a corresponding rule in access policy. Traffic flow is as expected and the rules does their job. However although the access policy rule is set to log, I do not see any logs of the accepted/NATted traffic.

The NAT and access policy rules have not been created by the server wizard. However by default in the wizard there is an unchecked box for logging accepted connections. It seems to me that this is the functionality I am looking, but I cannot find any checkbox for enabling this when rule is generated manually.

Do you have any idea how to get the logs working with manually created rules?

Re: Spark does not log NATed traffic

_Val_ — Wed, 16 Jul 2025 13:23:40 GMT

Can you share some screenshots? Also, what version? Local or central management?

Re: Spark does not log NATed traffic

PhoneBoy — Thu, 17 Jul 2025 00:05:55 GMT

Is your Access Policy Control set to Strict?
This is in Access Policy > Firewall > Blade Control

Re: Spark does not log NATed traffic

Martin_Sykora — Thu, 17 Jul 2025 07:14:06 GMT

We are using local management with cloud connected features for backups and extended monitoring. We are using R81.10.17 (996004653)

This is how the NAT rules look like:
This is the corresponding access policy rule:

Traffic is flowing according to rules confirmed with TCPdump. But the related logs are not in the local security logs, nor int the cloud based Quantum Spark Management

In the sever wizard, which we did not use, there is this option:

I assume that when creating the rules manually, the "accepted connections" are not logged but I cannot find such an option/checkbox within the manually created rules that could enable this

Re: Spark does not log NATed traffic

Martin_Sykora — Thu, 17 Jul 2025 07:15:02 GMT

Policy is set to standard with "log all" for both blocked and allowed traffic

Re: Spark does not log NATed traffic

PhoneBoy — Thu, 17 Jul 2025 14:03:30 GMT

Servers are not exactly NAT rules
Can you not go to Users and Objects > Network Resources > Servers and change the definition to log the connections?
Here’s my configuration for a server object:

Re: Spark does not log NATed traffic

Martin_Sykora — Fri, 18 Jul 2025 12:24:43 GMT

Well I have tried now to do it both via single IP network objects and and via new server server object (like in your screenshot). Both times the traffic flow worked as expected, But I do not get any logs for the traffic.

There should be a bunch of accepted logs with the service 9001 with the same pair of source/destination IP addresses, which was clearly working, but nothing shows up

Re: Spark does not log NATed traffic

PhoneBoy — Tue, 22 Jul 2025 13:10:26 GMT

Have you opened a TAC case on this?

Re: Spark does not log NATed traffic

Martin_Sykora — Wed, 23 Jul 2025 09:19:26 GMT

Not yet. I wanted to run this through the community first, just to see if it's not a config error on mi side.

Re: Spark does not log NATed traffic

Ashley_C — Fri, 25 Jul 2025 05:05:57 GMT

I second this question... have multiple custom inbound rules that work as expected. However, do not see any logged inbound traffic. Only rules where inbound TCP port is not redirected to a different port shows logs for outbound traffic. All other inbound rules redirect a custom TCP port to a different port (eg. TCP 1650 on WAN interface to TCP 22 on internal server); none of these rules log any traffic, despite logging enabled. All allowed traffic is logged and all denied traffic is logged.

Re: Spark does not log NATed traffic

PhoneBoy — Fri, 25 Jul 2025 13:42:33 GMT

I recommend opening a TAC case if this isn't working as expected.