Traffic Logs post-migration
Hi Checkmates,
My first post. Be gentle 😉
I inherited an R80.40 (Take 211) CloudGuard Network Security environment in Azure (HA deployment). We have migrated the management to Smart-1 Cloud as part of our DR improvement and upgrade project for this environment.
The migration went well (so management is now R81.20) but we now have no traffic logs. MaaS tunnel is up, we can push policy, but log server shows disconnected:
Log Servers Connections
---------------------------------------------------------
|IP |Status|Status Description |Sending Rate|
---------------------------------------------------------
|100.64.0.52| 1|Log-Server Disconnected| 0|
---------------------------------------------------------
[Expert@GW_1:]# cat /etc/fw/conf/masters
[Policy]
NAME
[Log]
NAME
[Alert]
NAME
(where NAME is the name of the management server object with standard IP of 100.64.0.52).
Does anyone know how to get the Log Server connected?
Thanks,
Just a thought, try installing the database to all servers, and check if the log server's SIC is up
I'm sure I did that. I was following sk38848. Also checked masters file is not immutable.
The log server is the Smart-1 Cloud so SIC is working.
None of the connectivity tests work from that sk. But there is a route
100.64.0.0 * 255.255.255.0 U 0 0 0 maas_tunnel
Hi @wanartisan
What does the #cpstat mg -f log_server say?
The main IP of the SmartCenter changed?
Last time, I ran into almost the same issue. In that scenario the SmartCenter was on-prem, and the GWs were in the cloud. The GWs sent the logs to the wrong IP; the main IP of the SmartCenter was unreachable for them (because of routing and security issues).
We changed the LOG IP in masters file on the GWs, according to these articles:
https://support.checkpoint.com/results/sk/sk40090
https://support.checkpoint.com/results/sk/sk105280
and a few related articles:
https://support.checkpoint.com/results/sk/sk146112
https://support.checkpoint.com/results/sk/sk102712
I hope it helps,
Akos
\m/_(>_<)_\m/
[Expert@GW1:0]# cpstat mg -f log_server
No product has flag 'mg'
Yes, the log server IP has changed to 100.64.0.52 which is the same IP Smart-1 Cloud always uses for the management object. In cplog_debug.elg you can see the migration script changes the IP
[9611 3981629376]fwd@GW1[Thu Aug 15 20:55:12 2024] ResetLogServers: The ip of [MGMT_NAME] was changed, the old ip is [OLD IP], the new ip is 100.64.0.52
The log also shows connectivity good to the old IP then connectivity failing to the new IP.
Hi @wanartisan
Sorry, the correct syntax for LOG servers is this: cpstat ls -f logging
Try to edit the MASTERS file, check this https://support.checkpoint.com/results/sk/sk105280
PART 2: Edit the $FWDIR/conf/masters file to contain the desired IP address of the Log Server
Cheers,
Akos
\m/_(>_<)_\m/
[Expert@GW1:0]# cpstat ls -f logging
No product has flag 'ls'
If you see my output above for cat /etc/fw/conf/masters you should see that the log server is set to the management object and that management object has the new IP of 100.64.0.52.
Hi @wanartisan
In this case the NAME means the FQDN of the SmartCenter?
When I modified the masters file, I used IP instead of FQDN.
Akos
\m/_(>_<)_\m/
Hi,
Yes NAME = the name of the object in SmartConsole (with IP 100.64.0.52).
I am a bit sceptical this change will help if the IP connectivity tests to the LogServer (Smart-1 Cloud) aren't working.
If connectivity does not work at all, that must be your clue. If you are still struggling with it, I suggest a TAC case.
To close this off, Install Database did work. Not sure why it didn't the first time (I'm sure it was one of the first things I did...)
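
A small check for the symptom in this thread, as an added example that is not part of any post: it reads the log-server connection table and the masters file in the formats pasted in the first post, and reports a missing [Log] entry or a disconnected log server. The function names and the second, connected table row are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Formats are copied from the first post;
# the second table row (192.0.2.10, "Log-Server Connected") is constructed.
sample_table() { cat <<'EOF'
Log Servers Connections
---------------------------------------------------------
|IP |Status|Status Description |Sending Rate|
---------------------------------------------------------
|100.64.0.52| 1|Log-Server Disconnected| 0|
|192.0.2.10| 0|Log-Server Connected| 12|
---------------------------------------------------------
EOF
}
sample_masters() { printf '[Policy]\nNAME\n[Log]\nNAME\n[Alert]\nNAME\n'; }

# Table on stdin -> "ip rate" for each row whose description says Disconnected.
disconnected_log_servers() {
    awk -F'|' 'NF >= 5 && $4 ~ /Disconnected/ {
        ip = $2; rate = $5
        gsub(/[ \t]/, "", ip); gsub(/[ \t]/, "", rate)
        print ip, rate
    }'
}

# masters file on stdin -> entries listed under section $1 (Policy, Log, Alert).
masters_entries() {
    awk -v want="[$1]" '
        { sub(/[ \t\r]+$/, "") }                  # tolerate trailing blanks/CR
        /^\[.*\]$/ { in_sec = ($0 == want); next }
        in_sec && NF { print $1 }'
}

# $1 = saved table, $2 = masters file. Prints findings; returns 1 if any.
check_logging() {
    status=0
    if [ -z "$(masters_entries Log < "$2")" ]; then
        echo "masters: no entry under [Log]"; status=1
    fi
    down=$(disconnected_log_servers < "$1")
    if [ -n "$down" ]; then
        echo "$down" | while read -r ip rate; do
            echo "log server $ip disconnected (sending rate $rate)"
        done
        status=1
    fi
    return "$status"
}

tmp=$(mktemp -d)
sample_table > "$tmp/table"; sample_masters > "$tmp/masters"
check_logging "$tmp/table" "$tmp/masters" || echo "logging check failed"
rm -rf "$tmp"
```

Run against output saved before and after Install Database, the same check shows whether the gateway's log connection actually recovered.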
