I have a question regarding logging in a provider-1 environment for remote gateways/clusters. I think I know the answer however would like confirmation. I have built up a simple lab following my old R71 Provider-1 lab manual. I have an MDS with two Domains [CMAs] both hidden behind the NOC firewall with all the required rules in place. The first domain manages the NOC and the second the remote cluster. The second domain [non-NOC CMA] has a host object natted to a public IP as per the lab manual documentation. Policy installation works fine however logging is being sent to the remote site’s domain [CMA] using the internal address and not the public IP. Hence causing remote logs to not show up in SmartView Tracker. This was confirmed with a simple packet capture using port 257.
The following doesn’t fix the issue:
- Manual NAT rule to try forcing the translation.
- Dummy object with the Public IP of the domain placed under the remote cluster's settings [Logs - Additional Logging Configuration - Log Forwarding]. I added the dummy object and a log forwarding schedule of every minute with out success.
I’m sure a VPN will solve the issue but would like to know if this is the only solution. I re-read the provider-1 docs and understand that a routable IP should be used which would rid myself of this headache. I have no problem re-building my lab or setup a VPN to do so but would like to see if there is another way. Any SK or advice would be much appreciated.
Thanks in advance.