Hi Gurus, Thanks for your reply.
When performing the 'netstat -an' command on my Nokia firewall, I can see the following:

Local Address                 Foreign Address                      State
a.b.c.d.1571 (nokia address)  w.x.y.z.257 (Win management server)  SYN_SENT (and not ESTABLISHED!)

If I perform a telnet to the management server (port 257) from the firewall, the connection is refused by the management server. I assume that this explains why the management server doesn't get logs from the firewall. According to my rules (defined and implicit), this connection should be allowed.

Has anyone encountered this issue?

Thanks in advance for your answers,

----Original message----
>Date: Tue, 19 Sep 2006 03:38:24 -0700
>From: cisco4ng <[EMAIL PROTECTED]>
>Subject: Re: [FW-1] Cannot get any log from my firewall
>To: [email protected]
>
>Well....
>
> There is no KB on this but I was told by Nokia PLS that a KB will be coming
> out soon on this one.
>
> cisco4ng
>
>joe smith <[EMAIL PROTECTED]> wrote:
> Umm, actually checking layer 3 connectivity is a great
>starting point at troubleshooting any network firewall
>related issues. wasn't clear if he established layer 3
>connectivity. Is this buffer size increase related to
>specific IPSO version or KB article?
>
>--- cisco4ng wrote:
>
>> Well....
>> Just because you have "ESTABLISHED" via port 257
>> between the Management
>> Server and the firewall means that the Enforcement
>> Module will send log to the
>> SmartCenter. Please do the following:
>>
>> 1) cprestart on the nokia module,
>> 2) perform "fw ctl debug -buf 8192" on the Nokia.
>> 3) put this command in "/var/etc/local file" so
>> that if the Nokia is rebooted, the nokia
>> still has enough buffer to send log to the
>> SmartCenter.
>>
>> I've had several instances where firewall not
>> sending logs to the CMA/Smartcenter
>> and increasing log buffer on the nokia after
>> "cprestart" fixes the problem.
>>
>> HTH
>>
>>
>> Rick Centner wrote:
>> do a netstat -an and look for tcp connection on
>> port 257 bound, you
>> should see a connection to fw in established state.
>>
>> l.x.y.z.257 a.b.c.d.1075 17376 0 66608 0 ESTABLISHED
>>
>>
>> Yann Roger wrote:
>>
>> > Hi people,
>> >
>> > My configuration is the following:
>> > * Firewall-1 NGX 60 - IPSO 3.9 - installed on Nokia appliance IP 385
>> > * SmartCenter installed on a dedicated Windows 2003 server
>> > * The Firewall-1 have several interfaces (2 external and 8 internal).
>> >
>> > From the SmartView Tracker, I can see logs
>> > generated by the management server. However, I have
>> > no logs retrieved from the Nokia IP 385 Firewall-1.
>> >
>> > If I execute the command 'fw log -n' on the Nokia
>> > appliance, I get nothing in output. I assume that no
>> > log is stored on a diskless appliance, however it
>> > should be sent to the SmartCenter.
>> >
>> > Note that all my security rules are configured
>> > with at least log or account level for tracking.
>> >
>> > Does anyone have experience about a problem
>> > between IP 385 appliance and SmartView Tracker for
>> > reporting logs?
>> >
>> > Thanks in advance for your help,
>> >
>> > =================================================
>> > To set vacation, Out-Of-Office, or away messages,
>> > send an email to [EMAIL PROTECTED]
>> > in the BODY of the email add:
>> > set fw-1-mailinglist nomail
>> > =================================================
>> > To unsubscribe from this mailing list,
>> > please see the instructions at
>> > http://www.checkpoint.com/services/mailing.html
>> > =================================================
>> > If you have any questions on how to change your
>> > subscription options, email
>> > [EMAIL PROTECTED]
>> > =================================================
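The port 257 check discussed in this thread, as an added example that is not part of the original messages: a POSIX shell function that reads `netstat -an` output and reports the state of each TCP socket whose foreign address ends in port 257. The function names, verdict strings and sample lines are constructed for illustration; it assumes rows that start with a `tcp` protocol column and end in local address, foreign address and state, and it goes slightly beyond the thread by also accepting the `address:port` form.

```shell
#!/bin/sh
# Added example (not from the thread): classify the firewall-to-management
# log connection on TCP 257 from `netstat -an` output.

# Reads netstat text on stdin; $1 is the log port (default 257).
# Prints "<local> <foreign> <state> <verdict>" per matching socket.
# Returns 0 only if at least one matching socket is ESTABLISHED.
check_log_conn() {
    awk -v port="${1:-257}" '
        # The port is the last component of a.b.c.d.port or a.b.c.d:port.
        function port_of(addr,   n, parts) {
            n = split(addr, parts, /[.:]/)
            return parts[n]
        }
        tolower($1) ~ /^tcp/ && NF >= 4 {
            src = $(NF - 2); dst = $(NF - 1); state = $NF
            if (port_of(dst) != port) next
            if (state == "ESTABLISHED") { verdict = "ok"; ok = 1 }
            else if (state == "SYN_SENT") verdict = "handshake-incomplete"
            else verdict = "check"
            print src, dst, state, verdict
            seen = 1
        }
        END {
            if (!seen) print "none", "none", "NONE", "no-connection-attempt"
            exit (ok ? 0 : 1)
        }
    '
}

# Constructed sample in the address.port layout (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address      Foreign Address     (state)
tcp        0      0  192.0.2.10.1571    198.51.100.20.257   SYN_SENT
tcp        0      0  192.0.2.10.22      198.51.100.30.4021  ESTABLISHED
tcp        0      0  *.256              *.*                 LISTEN
EOF
}

sample_netstat | check_log_conn 257 || echo "log connection to port 257 is not established"
```

On the firewall itself the input would come from `netstat -an | check_log_conn 257`.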
