This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
the_rock
MVP Platinum
MVP Platinum
‎2022-10-03 07:01 AM
Jump to solution

Logging issues in R81.10

Hey guys,

I hope someone might be able to shed some light about this. So, while back, I set up a lab with base R81, mgmt server + 2 single gateways and all works fine, no issues. I upgraded all to R81.10 and still going strong : -).

Now, the other week, to demonstrate R81.10 from scratch to a customer, I built brand new R81.10 (mgmt server + HA cluster) and all seems fine, except I see some odd issues with logging. For example, if I refresh the logs in dashboard, looks okay, but...say if I ping 8.8.8.8 from either cluster member, I can never see any logs, which is not the case in my other lab (works fine). I followed support sk's for this, rebooted many times, did fw logswitch, literally all the steps and still no luck.

I am totally at a loss why this would be happening, makes no logical sense to me.

If anyone can provide some suggestions, I would appreciate it. Anyway, its nothing urgent, since its a lab, but its really puzzling to me why its not working.

tx as always!!

Best,
Andy
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-10-03 09:23 AM
Jump to solution

Outbound traffic from the gateway is almost always handled through an implied rule that doesn't log, last I checked...

View solution in original post

0 Kudos
8 Replies
PhoneBoy
Admin
Admin
‎2022-10-03 09:23 AM
Jump to solution

Outbound traffic from the gateway is almost always handled through an implied rule that doesn't log, last I checked...

0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-10-03 09:28 AM
In response to PhoneBoy
Jump to solution

Thanks @PhoneBoy . That makes sense, but then how come I see the log via right policy in my other lab?

Best,
Andy
0 Kudos
PhoneBoy
Admin
Admin
‎2022-10-03 09:41 AM
In response to the_rock
Jump to solution

Not sure, maybe the implied rules were changed?
Or perhaps there is a code changes that impacts this behavior somehow?

0 Kudos
Abi
Participant
‎2022-10-03 10:09 AM
In response to PhoneBoy
Jump to solution

I hope you enable log in the rule that allows the traffic, my thought !

the_rock
MVP Platinum
MVP Platinum
‎2022-10-03 10:30 AM
In response to Abi
Jump to solution

I know even after 15 years it would be easy to forget, but it was enabled ;). I think @PhoneBoy is correct.

Best,
Andy
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-10-03 10:31 AM
In response to PhoneBoy
Jump to solution

Definitely no change in implied rules.

Best,
Andy
0 Kudos
JozkoMrkvicka
Authority
Authority
‎2022-10-03 10:52 PM
Jump to solution

Make sure the date and time are correctly configured on gateway and management (log server). You might see logs with huge delays while the date is not correct on one of devices. Best to use NTP to avoid issue.

Kind regards,
Jozko Mrkvicka
0 Kudos
the_rock
MVP Platinum
MVP Platinum
‎2022-10-04 07:56 AM
In response to JozkoMrkvicka
Jump to solution

Thanks @JozkoMrkvicka , but that was not the issue, it was the first thing I checked actually. @PhoneBoy was 100% correct as usual...no offense to anyone else, but he is after all CP master/guru/legend/expert...whatever you want to call it :). I enabled to log implied rules and sure enough, it started to show logs to google dns right away. Funny enough, that option was NOT enabled in R81 and logs were showing actual rule number.

Best,
Andy
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events