Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
PacketSandwich
Participant

Can't open (local) security logs, vpn down, IPSec tunnels are down - 1490

Jump to solution

Hello,

I have multiple issues on one 1490 appliance gateway we are supporting. I am sorry if  this is wrongfully placed in the forum as I don't know what is the root cause to multiple issues and all are important. The configuration seems intact and looks like yesterday when everyting was working fine.

The situation:The license expired and was renewed on Nov 15th, and everything was working again. 

This morning the local IT from the client first rebooted the box and then called, so I have only system logs since the reboot at 9:42 AM...

following issues are present:

  • IPSec is down (preshared key, with another 1430 gateway we manage). I can see on the other 1430 that daemon is installing the key ever 10 minutes or so and when I disabled the blade on 1490, I saw it in the logs on 1430 immediately, so they see each other, but tunnel is down.
  • endpoint security VPN client says the site is not responding (the 1490)
  • can't open security logs - locally stored on the 1490 device - failed to load logs

I can access the web interface and SSH to WAN IP of the 1490, there is enough free space, RAM and CPU, systems logs show nothing suspiciously looking. Generating the cpinfo file gets stuck on 5%. Otherwise the gateway is operating normally.

 

Could someone please point me to where to start? I have no idea what could be the culprit  

 

 

 

0 Kudos
1 Solution

Accepted Solutions
PacketSandwich
Participant

Hello,

I am just following up on this and closing this issue as I found the solution - the issue was actually caused by URL and application control blade! After switching it fff and now only to URL filtering enabled, the IPsec tunnel went up, I could connect to remote access and logs started working. Enabling application control again brought all the issues back, so this looks like the culprit. 

Maybe this would help someone with similar problem. 

 

View solution in original post

0 Kudos
3 Replies
PacketSandwich
Participant

Hello,

I am just following up on this and closing this issue as I found the solution - the issue was actually caused by URL and application control blade! After switching it fff and now only to URL filtering enabled, the IPsec tunnel went up, I could connect to remote access and logs started working. Enabling application control again brought all the issues back, so this looks like the culprit. 

Maybe this would help someone with similar problem. 

 

View solution in original post

0 Kudos
_Val_
Admin
Admin

I am glad you found a workaround, but it does not seem okay to me. If you have a valid support contract, I would advise you to open a support call with TAC for the matter.

0 Kudos
PacketSandwich
Participant

Hello, I am thinking about the same, just need to verify with customer to provide the details. Only the default group for app filtering was applied - block security risk categories. There were no custom applications or definition, the whole checkbox was not applied. 

0 Kudos