https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-appliances-not-logging-NAT-on-networks-behind-VLANs/m-p/94662#M4065 <P>Sounds like we might need a TAC case after trying R80.20.10</P> Wed, 19 Aug 2020 23:01:21 GMT PhoneBoy 2020-08-19T23:01:21Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-appliances-not-logging-NAT-on-networks-behind-VLANs/m-p/94429#M4040 <P>There is an inconsistency in logging traffic from Internal networks connected to the LAN# interfaces and LAN#.## VLANs of SMB appliances.</P> <P>On my 1550 R80.20.05 (992001208), with two networks defined, 10.x.x.x on LAN1 and 192.x.x.x on LAN2.10, Global NAT for Internal Networks enabled:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1550_Networks.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/7685iB0F6BB593B17D3D2/image-size/large?v=v2&amp;px=999" role="button" title="1550_Networks.png" alt="1550_Networks.png" /></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Global_NAT_Settings_for_Internal_Networks.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/7688i8761472061B4E331/image-size/large?v=v2&amp;px=999" role="button" title="Global_NAT_Settings_for_Internal_Networks.png" alt="Global_NAT_Settings_for_Internal_Networks.png" /></span></P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1550_NAT_Logged_Properly.png" style="width: 921px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/7686i2FD59C44F3D5D40A/image-size/large?v=v2&amp;px=999" role="button" title="1550_NAT_Logged_Properly.png" alt="1550_NAT_Logged_Properly.png" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1550_NAT_NOT_Logged_Properly.png" style="width: 921px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/7687iF8F5FC5F826B2943/image-size/large?v=v2&amp;px=999" role="button" title="1550_NAT_NOT_Logged_Properly.png" alt="1550_NAT_NOT_Logged_Properly.png" /></span></P> <P>&nbsp;</P> <P>NAT is actually working fine, but the logs are all over the place:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Windows_Server_MYIP_Lookup.png" style="width: 634px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/7689i06B19DF62590EDC0/image-size/large?v=v2&amp;px=999" role="button" title="Windows_Server_MYIP_Lookup.png" alt="Windows_Server_MYIP_Lookup.png" /></span></P> <P>&nbsp;</P> <P>Also, in the Security Logs List view, we can see the Interfaces:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1550_NAT_Logs.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/7690i2B557124D842DC72/image-size/large?v=v2&amp;px=999" role="button" title="1550_NAT_Logs.png" alt="1550_NAT_Logs.png" /></span></P> <P>But in Log Details, this data is absent.</P> <P>Additionally, there is no way that I see to define the Network as "Internal":</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1550_Network_Properies.png" style="width: 451px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/7691i249E5E8DDDF33C7B/image-size/large?v=v2&amp;px=999" role="button" title="1550_Network_Properies.png" alt="1550_Network_Properies.png" /></span></P> Mon, 17 Aug 2020 22:33:49 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-appliances-not-logging-NAT-on-networks-behind-VLANs/m-p/94429#M4040 Vladimir 2020-08-17T22:33:49Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-appliances-not-logging-NAT-on-networks-behind-VLANs/m-p/94662#M4065 <P>Sounds like we might need a TAC case after trying R80.20.10</P> Wed, 19 Aug 2020 23:01:21 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-appliances-not-logging-NAT-on-networks-behind-VLANs/m-p/94662#M4065 PhoneBoy 2020-08-19T23:01:21Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-appliances-not-logging-NAT-on-networks-behind-VLANs/m-p/94664#M4066 <P>If you are going to open an SR, please include the bit about missing interface data in the body of the events.</P> Wed, 19 Aug 2020 23:04:57 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-appliances-not-logging-NAT-on-networks-behind-VLANs/m-p/94664#M4066 Vladimir 2020-08-19T23:04:57Z