Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Leon_Jaimes
Explorer

Missing connection logs from 6500 gateway with R80.20 Take 18

Hello,

I just set up a 6500 gateway running the R80.20 Take 18 image and Security Management Server on VMware running R80.20 M2, don't have the build handy on that.  This is a fairly sensitive environment, so I am hesitant to deploy R80.30 yet, but I have not done any technical digging into the relationship between the 6000 series and R80.30. 

I set up a handful of very basic policies, essentially the "Admin Access to Gateways", "Stealth", and then a few other rules which I have since removed and now only have those two followed by a Test rule that is any/any/accept/log to troubleshoot.

The Gatewat topology is:

  • Mgmt connected to 10.20.20.0/24 as 10.20.20.100
  • eth1 connected to a laptop as 10.30.30.0/24 and 10.30.30.1 on the interface and the 10.30.30.2 on laptop-A.
  • eth8 connected to another laptop as 34.34.34.0/29 and 34.34.34.1 on the interface and 34.34.34.5 on the laptop-B.
  • There is a static NAT on the 10.30.30.2 object with IP 34.34.34.2, and a webserver running on laptop-A.

The SMS is:

  • eth1 connected to 10.20.20.0/24 as 10.20.20.200

Blades enabled are:

  • Firewall
  • Application Control
  • URL Filtering
  • Identity Awareness
  • Content Awareness
  • IPS
  • Anti-Virus
  • Anti-Bot

SIC is fine, and there are some logs from the gateway about system events, but nothing for traffic.  I can ping from Laptop-B to Laptop-A and I can see the connections with fw monitor hitting i I O o.  The webpage loads, so NAT is working.

I have been troubleshooting using sk40090 and none of the suggestions there have helped.

I noticed that $FWDIR/conf/log_policy.C did not match, but that was not something that I recall having to set up in the past.

I also noticed that in the General Properties of the gateway object, there is not a selection fro 6000 series, so I have that set to Other right now, but had initially tried using the settings for the 5000 series.

The topology in the gateway object matches the the way the interfaces are configured, and anti-spoofing is turned off.

I feel like I am missing something that is right in front of me.  I'm away from the project for the next week, and I just went through DemoPoint and didn't see anything that looked different than the way I have it set up.  Thought I'd put this out to you all and see what suggestions might come back.

Cheers,

Leon

0 Kudos
4 Replies
This widget could not be displayed.