This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bibinpaul
Participant
‎2022-05-30 03:47 AM
Jump to solution

Session logs not showing Xlate information

Hello All,

Good day!!

Today I have been troubleshooting and issue and observed the connection logs shows Xlate information but the session log entries are not showing the Xlate information

Is that an expected behavior in Checkpoint logs?

One of my Internal IP is trying to access Azure AD and it is not working. This is a new deployment.

The connection logs shows proper source address translation details but not the session logs

 

Under tracking details we have enabled log generation per session and per connection and per session

 

Thanks and Regards

Bibin

 

Preview file
13 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-05-31 09:05 AM
Jump to solution

Believe that is expected behavior, yes.
@Timothy_Hall mentioned it in his presentation at CPX this year: https://community.checkpoint.com/t5/Member-Exclusive-Content/Max-Gander-The-Hidden-World-of-Log-Gene...

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
‎2022-05-31 09:05 AM
Jump to solution

Believe that is expected behavior, yes.
@Timothy_Hall mentioned it in his presentation at CPX this year: https://community.checkpoint.com/t5/Member-Exclusive-Content/Max-Gander-The-Hidden-World-of-Log-Gene...

Timothy_Hall
MVP Gold
MVP Gold
‎2022-05-31 11:58 AM
In response to PhoneBoy
Jump to solution

I did mention it in my CPX speech, but credit for bringing this to my attention should go to @Vladimir.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
bibinpaul
Participant
‎2022-05-31 02:24 PM
In response to PhoneBoy
Jump to solution

Thanks heaps

Given below is as per the speech 

"Be aware that NAT information will not be added to logs of type Session; only connections logged as type Connection with the "Per Connection" log generation checkbox set will contain NAT information. This seems to be a bug and may well change in the future"

0 Kudos
_Val_
Admin
Admin
‎2022-05-31 11:42 PM
In response to bibinpaul
Jump to solution

I do not think this is a bug. Session logs are in fact aggregation of multiple connection logs. Each one of those has different XLATE data. How would you aggregate those? An exception is with static NAT, but I think the general principle here is not to aggregate NAT data by design

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2022-06-01 05:25 AM
In response to _Val_
Jump to solution

I can see your point Val, but the lack of any NAT information in a log card implies that no NAT occurred at all.  So in the case of a session log one might conclude that there was no NAT performed when in fact there was.  I wouldn't mind seeing a message in a session log when NAT has occurred on any of the connections stating something like "NAT information not included - see connection logs" or something like that; if there was no NAT on any of the connections that message isn't there. 

By the same token it would be nice to see something like "no NAT performed" in a connection log when there are no NAT rules hit instead of just showing nothing at all in the log card.  This would also make it easier to troubleshoot when a connection should have been NATted but wasn't due to a misconfiguration.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
_Val_
Admin
Admin
‎2022-06-01 05:35 AM
In response to Timothy_Hall
Jump to solution

I certainly understand and agree with your point here

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events