This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
KomisarzRyba
Contributor
‎2024-05-31 02:04 AM
Jump to solution

No logs

Hello,

The case is as follows: We have a specific source address and a specific destination address. There is no problem with communication, but there are no logs. Logging is turned on. The IP addresses are on different networks, so traffic should go through the gateway. When we ping others' destination IP address, we see logs. Any ideas why we can't see the logs for specific addresses? What can we check or change?

BR,

Mateusz

0 Kudos
1 Solution

Accepted Solutions
KomisarzRyba
Contributor
‎2024-07-11 12:07 AM
In response to the_rock
Jump to solution

The problem was solved by replacing the device with a newer one.

View solution in original post

0 Kudos
11 Replies
the_rock
MVP Platinum
MVP Platinum
‎2024-05-31 02:59 AM
Jump to solution

Those are ONLY logs you dont see?

Best,
Andy
0 Kudos
KomisarzRyba
Contributor
‎2024-05-31 03:03 AM
In response to the_rock
Jump to solution

Yes, those are only logs I don't see.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-05-31 12:57 PM
In response to KomisarzRyba
Jump to solution

I second what Phoneboy said, you need to verify with tcpdump if its even reaching the gateway. Though, I assume it must be, since you said ping is fine, but nothing else. Did you try maybe old school tracker to see if that works?

Andy

Best,
Andy
0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-06-02 01:34 AM
In response to KomisarzRyba
Jump to solution

This might be matched on another rule in the rule base than other protocols.

I would suggest checking if all relevant rules have logging and also try to turn on logging of implied rules:Capture.PNG

Kind regards, Amir Senn
0 Kudos
PhoneBoy
Admin
Admin
‎2024-05-31 07:44 AM
Jump to solution

Have you confirmed with a tcpdump and/or a traceroute that the traffic is actually passing through the gateway?

0 Kudos
KomisarzRyba
Contributor
‎2024-06-03 02:30 AM
In response to PhoneBoy
Jump to solution

Here we can see the result of the ping and tracert test.
Src: 172.21.1.60,
Dst: 172.21.16.201
CheckPoint interface IP address: 172.21.0.1/20
Below we can see logs from pinging other addresses. These logs can be seen in Smartconsola. There are no logs to the destination address.
All rules have logging enabled. Log Implied Rules are enabled.
Any ideas?

Zrzut ekranu 2024-05-24 120046.pngdsa.pngZrzut ekranu 2024-05-24 120319.pngdsa.png

0 Kudos
Amir_Senn
MVP Silver CHKP MVP Silver CHKP
MVP Silver CHKP
‎2024-06-03 02:58 AM
In response to KomisarzRyba
Jump to solution

From the looks of it logs might not behave the same since this is also relates to VPN. For ping we would usually expect firewall blade. Also this is not the actual ping since this is not the same IP as dst, those look like remote GW in the VPN community?

Also you have hops missing in the tracert? This might happen because of VPN encryption.

If you try to use tcpdump, check which port/service. Probably VPN ports/services.

 

Kind regards, Amir Senn
0 Kudos
KomisarzRyba
Contributor
‎2024-07-08 06:52 AM
In response to PhoneBoy
Jump to solution

Yes, the traffic is passing through the gateway - confirmed with a tcpdump.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-07-08 07:37 AM
In response to KomisarzRyba
Jump to solution

Try "old school" tracker, if that works, then its most likely indexing issue.

Andy

 

Screenshot_1.png

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2024-07-08 07:43 AM
In response to KomisarzRyba
Jump to solution

Alsso, make sure this is enabled on mgmt server object.

Andy

 

Screenshot_2.png

Best,
Andy
0 Kudos
KomisarzRyba
Contributor
‎2024-07-11 12:07 AM
In response to the_rock
Jump to solution

The problem was solved by replacing the device with a newer one.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events