This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bjbakker1984
Explorer
‎2025-08-18 02:16 AM

possible issue - External syslog delivery doesn't resume after connection interruption

Hi,

 

I am currently investigating a syslog issue and wanted to through in a post to see if more people have this or can reproduce this. 

 

Setup

- Hardware: 2 Spark appliances (1575), version: R81.10.17 (996004653). Both are on different locations, both have a public WAN IP. 

- firewall/access: NO VPN between them, port forward in FW1 to forward syslog from FW2 to specific internal system

- FW1: External Syslog server -> IP and port (UDP) in local subnet

- FW2: External Syslog server -> IP (WAN IP FW1) and port which is forwarded.

 

Observed behavior (from the syslog server): 

- Basic setup and both FWs are submitting syslog traffic to the internal system (checked/observed from this internal system)

- After reboot FW1 (or other downtime), syslog resumes on FW1, syslog on FW2 stops and doesn't resume when connection is back again

- After a re-save of the External Syslog Server settings (without changes) on FW2, the syslog traffic resumes

 

note; I also observed this in versions R81.10.15 and R81.10.10.

 

2 Replies
PhoneBoy
Admin
Admin
‎2025-08-18 08:38 AM

I suggest getting TAC involved here.

the_rock
MVP Gold
MVP Gold
‎2025-08-18 08:43 AM

Maybe try latest version, R81.10.17, but if no luck, I would certainly open TAC ticket.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events