Hi,
We have an MDS in HA with different DMSs. The gateways send logs to the MDS using a NATted address.
All was OK until we changed the public NAT address for one of the DMSs. After we changed it, the gateways started logging locally and cannot send logs to the Management Server.
The IP was changed in SmartConsole and by following sk103356.
cpstat fw -f log_connection shows:
Overall Status Description: Security Gateway is unable to report logs to any log server
Local Logging Mode Description: Writing logs locally due to connectivity problems
How can we fix it?
Thanks.
On a gateway that is logging locally, what IP address is the gateway trying to reach for sending logs? Run netstat -an | grep :257 to check this. If it is still trying to send to the old IP address and policy has already been reinstalled, you'll probably need to kill the fwd daemon and let it restart. Note that doing so will cause a failover in an HA environment and may cause brief traffic issues. I've seen many situations where fwd refuses to let go of an old logging address, even though policy has been reinstalled with the new one set, and restarting fwd is the only way to fix it.
If it is sending to the right NAT address you have some other connectivity issue, probably at the intervening gateway that is actually performing the NAT operation for the logging port 257 traffic.
Thanks for your reply.
As far as I can see, the gateways try to send logs to the new IP, but cpstat fw -f log_connection shows that the Log Servers are disconnected.
Also, at first I didn't do a SIC reset on the gateways, only changed the IP for the console object (Management Public IP) and in the registry following sk103356. But when I did the SIC reset afterwards, the IP in the registry changed back to the old one.
The new IP is from the same network as the old one, which is why it is very strange that there could be any connectivity issue with it.
Do I need to make any changes on the MDS side?
Yes, so it is trying to hit the correct IP address for logging, but what is the state of the port 257 connection shown on the gateway by netstat? SYN_SENT? CONNECTED? FIN?
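The two checks asked for in the replies above (which address fwd is connecting to on TCP 257, and what state that connection is in) can be turned into a small script. This is an added example, not code from the thread or from Check Point: it feeds a constructed netstat -an excerpt through an awk filter and labels each outbound port-257 connection. The sample addresses (203.0.113.10 as the old NAT address, 203.0.113.20 as the new one) and the verdict wording are assumptions made for the example; on a real gateway you would pipe the live netstat -an output into log_conn_state instead.

```shell
#!/bin/sh
# Added example (not from the thread or from Check Point): classify the
# gateway's outbound log connections (TCP 257) from `netstat -an` output.

# Constructed sample of what `netstat -an` prints on a Gaia gateway.
# 203.0.113.10 is the assumed old NAT address, 203.0.113.20 the assumed new one.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:257             0.0.0.0:*               LISTEN
tcp        0      1 10.1.1.5:45678          203.0.113.10:257        SYN_SENT
tcp        0      0 10.1.1.5:45690          203.0.113.20:257        ESTABLISHED'

# Usage: log_conn_state <expected_log_server_ip> < netstat_output
# Prints one line per outbound port-257 connection: "<dst_ip> <state> <verdict>"
# Only the foreign-address column is matched, so the local LISTEN socket on
# port 257 is ignored.
log_conn_state() {
    expected="$1"
    awk -v want="$expected" '
        $1 ~ /^tcp/ && $5 ~ /:257$/ {
            dst = $5; sub(/:257$/, "", dst)
            state = $6
            if (dst != want)
                verdict = "STALE_TARGET(fwd still using old address; restart fwd)"
            else if (state == "ESTABLISHED")
                verdict = "OK"
            else if (state == "SYN_SENT")
                verdict = "NO_REPLY(check NAT/path on intervening gateway)"
            else
                verdict = "CHECK(" state ")"
            print dst, state, verdict
        }'
}

# Usage: log_conn_ok <expected_log_server_ip> < netstat_output
# Exit status 0 when at least one ESTABLISHED connection to the expected
# log server exists, 1 otherwise (usable from a monitoring check).
log_conn_ok() {
    log_conn_state "$1" | grep -q '^'"$1"' ESTABLISHED OK$'
}

# Stand-alone run against the constructed sample; on a gateway use:
#   netstat -an | log_conn_state <new_nat_ip>
printf '%s\n' "$SAMPLE_NETSTAT" | log_conn_state 203.0.113.20
```

A STALE_TARGET line means fwd is still connecting to the old address even though policy carries the new one, which is the case where the reply above says restarting fwd is needed; a NO_REPLY line means the gateway is using the right address but the SYN never gets answered, pointing at the device performing the NAT for port 257 rather than at the gateway.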