Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
bibinpaul
Participant
Jump to solution

Session logs not showing Xlate information

Hello All,

Good day!!

Today I have been troubleshooting and issue and observed the connection logs shows Xlate information but the session log entries are not showing the Xlate information

Is that an expected behavior in Checkpoint logs?

One of my Internal IP is trying to access Azure AD and it is not working. This is a new deployment.

The connection logs shows proper source address translation details but not the session logs

 

Under tracking details we have enabled log generation per session and per connection and per session

 

Thanks and Regards

Bibin

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
6 Replies
PhoneBoy
Admin
Admin

Believe that is expected behavior, yes.
@Timothy_Hall mentioned it in his presentation at CPX this year: https://community.checkpoint.com/t5/Member-Exclusive-Content/Max-Gander-The-Hidden-World-of-Log-Gene...

Timothy_Hall
Legend Legend
Legend

I did mention it in my CPX speech, but credit for bringing this to my attention should go to @Vladimir.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
bibinpaul
Participant

Thanks heaps

Given below is as per the speech 

"Be aware that NAT information will not be added to logs of type Session; only connections logged as type Connection with the "Per Connection" log generation checkbox set will contain NAT information. This seems to be a bug and may well change in the future"

0 Kudos
_Val_
Admin
Admin

I do not think this is a bug. Session logs are in fact aggregation of multiple connection logs. Each one of those has different XLATE data. How would you aggregate those? An exception is with static NAT, but I think the general principle here is not to aggregate NAT data by design

0 Kudos
Timothy_Hall
Legend Legend
Legend

I can see your point Val, but the lack of any NAT information in a log card implies that no NAT occurred at all.  So in the case of a session log one might conclude that there was no NAT performed when in fact there was.  I wouldn't mind seeing a message in a session log when NAT has occurred on any of the connections stating something like "NAT information not included - see connection logs" or something like that; if there was no NAT on any of the connections that message isn't there. 

By the same token it would be nice to see something like "no NAT performed" in a connection log when there are no NAT rules hit instead of just showing nothing at all in the log card.  This would also make it easier to troubleshoot when a connection should have been NATted but wasn't due to a misconfiguration.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
_Val_
Admin
Admin

I certainly understand and agree with your point here

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events