Teddy_Brewski
Contributor

Management server behind NAT: cannot get logs from one cluster

Hello,

R80.40 Management Server behind NAT managing three clusters: two on-site R77.30s and one remote R77.20 (1450 appliances).

NAT on the Management is configured as per below:

[Screenshot: Capture1.PNG]


The internal IP of the Management Server is in the subnet shared between two on-site clusters.

I have no issues pushing the policy to all three clusters. I also successfully receive logs from the remote cluster and from the one on-site cluster listed in the "Install on Gateway" field; however, I do not get logs from the third cluster.

'netstat -nap' on the problematic cluster shows that it tries to access the NATed IP. I went through sk100583 and sk129933, and tried to play with routing (routing NATed IP to the working cluster) but it doesn't seem to help.

My question is: shall "Install on Gateway" be set to All?

Thank you.

3 Replies
Norbert_Bohusch
Advisor (accepted solution)
No.
Even though I have often heard from Check Point that both IPs (NAT and normal) are contacted by all gateways that are not doing the NAT themselves, I have always encountered the same issue: only the NAT IP is contacted.

The only solution I found useful is:
Configure the problematic cluster(s) to use config from $FWDIR/conf/masters file instead of overwriting this information through policy push: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Edit $FWDIR/conf/masters on the problematic gateways and change the object name to the internal IP.
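As an added example (not from the post above, and not Check Point's own tooling), the shell helper below does the file edit Norbert describes and adds the check the original poster used: rewriting the log target in a gateway's $FWDIR/conf/masters file to the Management Server's internal IP, keeping a backup, and listing which peer the gateway is actually contacting on TCP 257 from netstat -nap style output. It assumes the three-section layout of the masters file ([Policy], [Log], [Alert], each followed by the management object name); the sample file, the IP 10.1.1.10 and the netstat line are constructed for the demo. The SmartConsole setting that stops policy push from overwriting the file, and how the gateway reloads it, are covered in the SK the post links and are not handled here; on a cluster the edit has to be made on every member.

```shell
#!/bin/sh
# Added example: rewrite the [Log]/[Alert] targets in a Check Point
# $FWDIR/conf/masters file and check where logs are really being sent.
# Assumed file layout (not taken from the post):
#   [Policy]
#   <management object name>
#   [Log]
#   <management object name>
#   [Alert]
#   <management object name>

# Print the non-empty entries under one section of a masters file.
# usage: masters_section <file> <section-name-without-brackets>
masters_section() {
    awk -v want="[$2]" '
        /^\[/ { insec = ($0 == want); next }   # section header: enter/leave
        insec && NF { print }                  # entry line inside the section
    ' "$1"
}

# Replace every entry under [Log] and [Alert] with <target> (an IP or name),
# leaving [Policy] untouched and keeping a timestamped backup of the file.
# usage: masters_set_log_target <file> <target>
masters_set_log_target() {
    file=$1
    target=$2
    cp "$file" "$file.bak.$(date +%Y%m%d%H%M%S)" || return 1
    awk -v target="$target" '
        /^\[/ { sec = $0; print; next }                         # keep headers
        (sec == "[Log]" || sec == "[Alert]") && NF { print target; next }
        { print }                                               # everything else as-is
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# From netstat -nap style text on stdin, print the unique peer addresses the
# gateway has sockets towards on port 257 (the log channel to the management).
# Field 5 is the foreign address in Linux netstat output.
log_peers_257() {
    awk '$5 ~ /:257$/ { sub(/:257$/, "", $5); print $5 }' | sort -u
}

# Constructed sample masters file in a temp dir (not from a real gateway).
demo_masters() {
    dir=$(mktemp -d)
    cat > "$dir/masters" <<'EOF'
[Policy]
mgmt-server
[Log]
mgmt-server
[Alert]
mgmt-server
EOF
    printf '%s\n' "$dir/masters"
}

# Stand-alone demo: before/after on the sample file, plus a constructed
# netstat line showing a gateway still trying the NATed address.
f=$(demo_masters)
echo "log target before: $(masters_section "$f" Log)"
masters_set_log_target "$f" 10.1.1.10   # 10.1.1.10 = assumed internal mgmt IP
echo "log target after:  $(masters_section "$f" Log)"
printf 'tcp 0 0 10.1.1.2:41234 203.0.113.5:257 SYN_SENT 1234/fwd\n' | log_peers_257
```

On a real gateway you would run `masters_set_log_target "$FWDIR/conf/masters" <internal-mgmt-IP>` on each cluster member and then pipe `netstat -nap` into `log_peers_257` to confirm the peer has changed from the NATed address to the internal one; a peer stuck in SYN_SENT towards the NATed IP is exactly the symptom described in the question.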
Maarten_Sjouw
Champion
The first question I have is: what IP did you put in the 1450 for the management server when you told it to look for the management server? That should be the NAT address.
Log is initiated from the Gateway to the management server on port 257, so also double check your logs to see if there is not accidentally some dropped traffic for the logging.
Regards, Maarten
Teddy_Brewski
Contributor
Many thanks -- it worked!