cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Highlighted
Martijn
Nickel

GRE traffic not shown in log

Hi all,

Two weeks ago, I migrated a R77.30 cluster on 12200 appliances to a R80.30 cluster on 6500 appliances. Installed jumbo hotfix is take 111.

It was an advanced migration, so we installed a new SmartCenter, exported the database from R77.30 to R80.30 with the R80 migration tools and imported the database with the same migration tools. Rule base, IP interfaces and routes did not changed. Also nothing was changed on the network.

The migration was successful and no problems where reported. But we have one strange issue with the log of GRE tunnels. 

Customer has several GRE tunnels passing the Check Point gateway (so Check Point is not an endpoint for these GRE tunnels) and these GRE tunnels are working fine.  But we do not see any logs regarding GRE in SmartLog. Even when the GRE tunnel is initiated again. We can see the traffic with tcpdump and fw monitor, but SmartLog remains empty.

When we look at SmartLog from the old R77.30 environment (we still have access to the old SmartCenter) we can see logs regarding GRE. 

Has anyone seen this before on R80.30? I have a case open with Check Point support, but the chances are we need to run a debug and initiate the GRE tunnel again. And initiating the GRE tunnel causes a big impact on the customers processes.

So I hope one of you has seen this before and has a solution that does not involve initiating the tunnel again.

Thanks.

Regards, 

Martijn.

 

0 Kudos
3 Replies
Admin
Admin

Re: GRE traffic not shown in log

Hadn’t heard of this being an issue.
It likely needs to be debugged to find the root cause, though.
0 Kudos

Re: GRE traffic not shown in log

As far I know on R80.10 catch GRE Tunnel connection logs.

Check the GRE-47 protocol on services and rule log configurations 🙂

0 Kudos
Martijn
Nickel

Re: GRE traffic not shown in log

Hi,

We maybe have an idea of what is going on and would like to know how you think of this idea.

In the R77.30 setup, the VPN blade was enabled because in the past the Check Point cluster was used for VPN tunnels. In the new R88.30 setup, the VPN blade is disabled because the Check Point cluster is not used for VPN tunnels anymore.

Maybe the VPN blade is needed for the logging of GRE traffic even Check Point is not an endpoint for the GRE tunnels.

I have asked this question also on the support engineer, but maybe one of you has the answer.

Regards,

Martijn.

0 Kudos