Losing logs after installing a security policy

Hello everyone,

I have the following topology (screenshot attached):

A cluster with (2) firewalls and (1) Management Server; both firewalls forward logs to the management server and an external log server.

My problem is that whenever I publish a policy, I stop receiving logs from both firewalls in SmartConsole, but the external log server keeps receiving all logs as usual.

The way I used to work around it was to remove the management server from the Log section in the cluster settings, publish the session, then put the management server back and publish the policy again. But this workaround is not working anymore for no reason.

Please note that I tried tcpdump on both firewalls and the management server over port 257, but no packets were captured, and I checked that the management server is listening on port 257.

I tried every possible solution I found on the internet with no result.

Can anyone help, please?



A couple questions:

  • What version/JHF level?
  • Is NAT involved at all? If so is it configured in the Management object?

So that we don’t waste time suggesting things you’ve already tried, please detail the precise things you’ve already done to try and resolve this issue with the precise results you received.
I suggest opening a TAC case in parallel if you haven’t already.

