
Management server behind NAT: cannot get logs from one cluster

Hello,

R80.40 Management Server behind NAT managing three clusters: two on-site R77.30s and one remote R77.20 (1450 appliances).

NAT on the Management is configured as per below:

[Image: Capture1.PNG, NAT settings of the Management Server object]


The internal IP of the Management Server is in the subnet shared between two on-site clusters.

I have no issues pushing the policy to all three clusters. I also successfully receive logs from the remote cluster and from one on-site cluster listed in the "Install on Gateway" field; however, I do not get logs from the third cluster.

'netstat -nap' on the problematic cluster shows that it tries to access the NATed IP. I went through sk100583 and sk129933, and tried to play with routing (routing NATed IP to the working cluster) but it doesn't seem to help.

My question is: shall "Install on Gateway" be set to All?

Thank you.


0 Kudos
1 Solution

Accepted Solutions
Re: Management server behind NAT: cannot get logs from one cluster

No.
Even though I often heard from Check Point that both IPs (NAT and normal) are contacted from all gateways not doing the NAT itself, I always encountered the same issue that only the NAT IP is contacted.

The only solution I found useful is:
Configure the problematic cluster(s) to use the configuration from the $FWDIR/conf/masters file instead of overwriting this information through policy push: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Edit $FWDIR/conf/masters on problematic gateways and change object name to internal IP.

3 Replies

Re: Management server behind NAT: cannot get logs from one cluster

First question I have is: what IP did you put in the 1450 for the management server when you told it to look for the management server? That should be the NAT address.
Logging is initiated from the Gateway to the management server on port 257, so also double-check your logs to see if there is not accidentally some dropped traffic for the logging.
Regards, Maarten
0 Kudos
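To make the two points in this thread concrete (the accepted answer's edit of $FWDIR/conf/masters so the gateway logs to the internal IP rather than the object name that resolves to the NAT IP, and Maarten's reminder that logging is a gateway-initiated TCP/257 connection you can see in netstat -nap), here is an added shell example. It is not code from the thread or from Check Point: the masters-style file it rewrites is a constructed sample in a temp file, the object name "mgmt_server", the internal IP 10.1.1.10, the NAT IP 203.0.113.10 and the netstat lines are all assumed values, and on a real gateway you would point it at $FWDIR/conf/masters and your own addresses.

```shell
#!/bin/sh
# Added example (not from the thread or Check Point). On a constructed sample it
# (1) rewrites the entry under one section of a masters-style file from the
# management object name to the management's internal IP, and
# (2) extracts where the gateway's TCP/257 log connections are going from
# netstat -nap output. All names and IPs below are assumptions.

MGMT_OBJECT="mgmt_server"       # assumed management object name in the file
MGMT_INTERNAL_IP="10.1.1.10"    # assumed internal (pre-NAT) management IP

# Constructed masters-style file: the three section headers the format uses,
# each listing the same management object.
write_sample_masters() {
    cat > "$1" <<EOF
[Policy]
$MGMT_OBJECT
[Log]
$MGMT_OBJECT
[Alert]
$MGMT_OBJECT
EOF
}

# Print the first entry listed under the given section (e.g. "Log").
section_target() {
    awk -v want="[$2]" '
        /^\[/ { section = $0; next }
        section == want && NF { print; exit }
    ' "$1"
}

# Replace an exact entry under one section only; other sections stay untouched.
# awk tracks the current section header and substitutes inside the wanted one,
# so changing [Log] does not disturb where policy is fetched from.
patch_section() {
    file="$1"; want="[$2]"; obj="$3"; ip="$4"
    awk -v want="$want" -v obj="$obj" -v ip="$ip" '
        /^\[/ { section = $0; print; next }
        section == want && $0 == obj { print ip; next }
        { print }
    ' "$file" > "$file.new" && mv "$file.new" "$file"
}

# Constructed netstat -nap lines as they might look on the problematic gateway:
# the log connection is stuck in SYN_SENT towards the NAT IP on port 257,
# next to an unrelated established session on another port.
SAMPLE_NETSTAT='tcp        0      1 10.1.1.5:43210      203.0.113.10:257    SYN_SENT    1234/fwd
tcp        0      0 10.1.1.5:43211      10.1.1.10:18191     ESTABLISHED 5678/cpd'

# Print the remote IP of every TCP connection whose foreign port is 257 (logging).
log_dest_ips() {
    printf '%s\n' "$1" | awk '
        $1 == "tcp" && $5 ~ /:257$/ { sub(/:257$/, "", $5); print $5 }
    '
}

# Stand-alone demonstration on the constructed sample.
f=$(mktemp)
write_sample_masters "$f"
echo "before: [Log] -> $(section_target "$f" Log)"
patch_section "$f" Log "$MGMT_OBJECT" "$MGMT_INTERNAL_IP"
echo "after:  [Log] -> $(section_target "$f" Log), [Policy] -> $(section_target "$f" Policy)"
echo "gateway is sending logs to: $(log_dest_ips "$SAMPLE_NETSTAT")"
rm -f "$f"
```

Run the netstat check first: if the only port 257 connection goes to the NAT IP and never leaves SYN_SENT, that matches the symptom described above. Patching only the [Log] section keeps the policy-fetch path as it is, which matters for a gateway that can legitimately reach the management only through the NAT address.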
Re: Management server behind NAT: cannot get logs from one cluster

Many thanks -- it worked!
0 Kudos