R80.10 Management - R77.30 Gateway as VPN Endpoint

Question asked by kyle.192972a1-8014-4612-af8d-833ab0336333 on Apr 2, 2017
Latest reply on Jun 27, 2017 by Dameon Welch-Abernathy

I currently have a star VPN configuration between on-prem and AWS (two firewalls on prem, two firewalls in AWS).

Prior to a policy push with R80.10 management, I was able to collect logs from the AWS appliances over the VPN tunnel that was built. Now, after pushing policy from an R80.10 Management server, I'm no longer able to send logs from the AWS gateways to the on-prem management server. Connectivity to the gateways in AWS is fine (I can still push policy / reach devices behind the gateways).

A netstat shows the gateway in AWS attempting to connect to the proper logging server:

tcp        0      1          SYN_SENT    4487/fwd

I am able to successfully connect to from the gateway (via ping or telnet tests):

[Expert@FW1:0]# ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=58 time=34.3 ms
64 bytes from icmp_seq=2 ttl=58 time=28.4 ms
64 bytes from icmp_seq=3 ttl=58 time=28.7 ms

[Expert@FW1:0]# telnet 443
Connected to
Escape character is '^]'.

However, when I attempt to telnet directly to port 257, the telnet test times out:

[Expert@FW1:0]# telnet 257
telnet: connect to address Connection timed out

My assumption is that the implied rules for Logging are taking precedence and the logging traffic is not making it to the explicit rule in policy that allows and encrypts the traffic.
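As an added illustration of the hypothesis in the question (example code written for this page, not from the original post or from Check Point): a simplified first-match model of a rulebase showing why the position chosen for implied rules (First versus Before Last) decides whether traffic to TCP 257 is consumed by the implied "accept control connections" rule or reaches the explicit VPN rule. The rule names, port-only matching and the three positions are assumptions of the model; the real product evaluates far more fields.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

FW1_LOG_PORT = 257   # port the gateway's fwd process uses toward the log server (from the post)
HTTPS_PORT = 443     # port the poster could reach over the tunnel

@dataclass
class Rule:
    name: str
    dst_port: Optional[int]   # None means "any port"
    action: str               # "accept", "encrypt" or "drop"

def evaluate(rulebase: List[Rule], dst_port: int) -> Tuple[str, str]:
    """First-match evaluation: the first rule whose port condition fits wins."""
    for rule in rulebase:
        if rule.dst_port is None or rule.dst_port == dst_port:
            return rule.name, rule.action
    return "no match", "drop"

def build_rulebase(implied_position: str) -> List[Rule]:
    """Order the rulebase the way the implied-rule position setting would.
    Hypothetical model: 'First' puts implied rules ahead of the explicit policy,
    'Before Last' just ahead of the cleanup rule, 'Last' after it."""
    implied = [Rule("implied: accept control connections", FW1_LOG_PORT, "accept")]
    explicit = [Rule("explicit: on-prem <-> AWS VPN community", None, "encrypt")]
    cleanup = [Rule("cleanup", None, "drop")]
    if implied_position == "First":
        return implied + explicit + cleanup
    if implied_position == "Before Last":
        return explicit + implied + cleanup
    return explicit + cleanup + implied          # "Last"

def explain(implied_position: str, dst_port: int) -> str:
    """One-line verdict for a given setting and destination port."""
    name, action = evaluate(build_rulebase(implied_position), dst_port)
    return f"implied={implied_position!r} port={dst_port}: {action} by {name}"

if __name__ == "__main__":
    # With implied rules First, port 257 is accepted in the clear by the implied rule and
    # never reaches the encrypt rule, while port 443 still matches the VPN rule.
    for position in ("First", "Before Last"):
        for port in (FW1_LOG_PORT, HTTPS_PORT):
            print(explain(position, port))
```

The model reproduces the symptom pattern in the post: 443 is handled by the VPN rule in both orderings, while 257 only reaches it once the implied rule no longer sits first.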