KomisarzRyba
Explorer

No logs

Hello,

The case is as follows: We have a specific source address and a specific destination address. There is no problem with communication, but there are no logs. Logging is turned on. The IP addresses are on different networks, so traffic should go through the gateway. When we ping other destination IP addresses, we see logs. Any ideas why we can't see the logs for specific addresses? What can we check or change?

BR,

Mateusz

0 Kudos
7 Replies
the_rock
Legend

Those are the ONLY logs you don't see?

0 Kudos
KomisarzRyba
Explorer

Yes, those are the only logs I don't see.

0 Kudos
the_rock
Legend

I second what PhoneBoy said, you need to verify with tcpdump if it's even reaching the gateway. Though, I assume it must be, since you said ping is fine, but nothing else. Did you try maybe old school tracker to see if that works?

Andy

0 Kudos
Amir_Senn
Employee

This might be matched on a different rule in the rule base than other protocols.

I would suggest checking if all relevant rules have logging and also try to turn on logging of implied rules: [screenshot: Capture.PNG]

Kind regards, Amir Senn
0 Kudos
PhoneBoy
Admin

Have you confirmed with a tcpdump and/or a traceroute that the traffic is actually passing through the gateway?

0 Kudos
KomisarzRyba
Explorer

Here we can see the result of the ping and tracert test.
Src: 172.21.1.60,
Dst: 172.21.16.201
CheckPoint interface IP address: 172.21.0.1/20
Below we can see logs from pinging other addresses. These logs can be seen in SmartConsole. There are no logs to the destination address.
All rules have logging enabled. Log Implied Rules is enabled.
Any ideas?

[Screenshots: Zrzut ekranu 2024-05-24 120046.png, dsa.png, Zrzut ekranu 2024-05-24 120319.png, dsa.png]

0 Kudos
Amir_Senn
Employee

From the looks of it, logs might not behave the same since this also relates to VPN. For ping we would usually expect the firewall blade. Also, this is not the actual ping since this is not the same IP as dst, those look like remote GW in the VPN community?

Also you have hops missing in the tracert? This might happen because of VPN encryption.

If you try to use tcpdump, check which port/service. Probably VPN ports/services.

 

Kind regards, Amir Senn
0 Kudos
