No logs
Hello,
The case is as follows: We have a specific source address and a specific destination address. There is no problem with communication, but there are no logs. Logging is turned on. The IP addresses are on different networks, so traffic should go through the gateway. When we ping other destination IP addresses, we see logs. Any ideas why we can't see the logs for specific addresses? What can we check or change?
BR,
Mateusz
Accepted Solutions
The problem was solved by replacing the device with a newer one.
Those are ONLY logs you don't see?
Yes, those are only logs I don't see.
I second what Phoneboy said, you need to verify with tcpdump if it's even reaching the gateway. Though, I assume it must be, since you said ping is fine, but nothing else. Did you try maybe old school tracker to see if that works?
Andy
This might be matched on another rule in the rule base than other protocols.
I would suggest checking if all relevant rules have logging and also try to turn on logging of implied rules:
Have you confirmed with a tcpdump and/or a traceroute that the traffic is actually passing through the gateway?
Here we can see the result of the ping and tracert test.
Src: 172.21.1.60,
Dst: 172.21.16.201
CheckPoint interface IP address: 172.21.0.1/20
Below we can see logs from pinging other addresses. These logs can be seen in SmartConsole. There are no logs to the destination address.
All rules have logging enabled. Log Implied Rules are enabled.
Any ideas?
From the looks of it, logs might not behave the same since this also relates to VPN. For ping we would usually expect firewall blade. Also this is not the actual ping since this is not the same IP as dst, those look like remote GW in the VPN community?
Also you have hops missing in the tracert? This might happen because of VPN encryption.
If you try to use tcpdump, check which port/service. Probably VPN ports/services.
Yes, the traffic is passing through the gateway - confirmed with a tcpdump.
Try "old school" tracker, if that works, then it's most likely an indexing issue.
Andy
Also, make sure this is enabled on mgmt server object.
Andy