Just check the output of fw unloadlocal on mgmt server.

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of Yann Roger
Sent: Tuesday, September 19, 2006 9:49 PM
To: [email protected]
Subject: Re: [FW-1] Cannot get any log from my firewall

Hi Gurus,

Thanks for your reply.

When performing the 'netstat -an' command on my Nokia firewall, I can see the following:

Local Address                   Foreign Address
a.b.c.d.1571 (nokia address)    w.x.y.z.257 (Win management server)
state SYN_SENT (and not ESTABLISHED!)

If I perform a telnet to the management server (port 257) from the firewall, the connection is refused by the management server. I assume that this explains why the management server doesn't get logs from the firewall.

According to my rules (defined and implicit), this connection should be allowed.

Has anyone encountered this issue?

Thanks in advance for your answers,

----Original message----
>Date: Tue, 19 Sep 2006 03:38:24 -0700
>From: cisco4ng <[EMAIL PROTECTED]>
>Subject: Re: [FW-1] Cannot get any log from my firewall
>To: [email protected]
>
>Well....
>
> There is no KB on this but I was told by Nokia PLS that a KB will be coming
> out soon on this one.
>
> cisco4ng
>
>joe smith <[EMAIL PROTECTED]> wrote:
> Umm, actually checking layer 3 connectivity is a great
>starting point at troubleshooting any network firewall
>related issues. It wasn't clear if he established layer 3
>connectivity. Is this buffer size increase related to a
>specific IPSO version or KB article?
>
>--- cisco4ng wrote:
>
>> Well....
>> Just because you have "ESTABLISHED" via port 257
>> between the Management Server and the firewall means that
>> the Enforcement Module will send log to the
>> SmartCenter. Please do the following:
>>
>> 1) cprestart on the nokia module,
>> 2) perform "fw ctl debug -buf 8192" on the Nokia.
>> 3) put this command in "/var/etc/local file" so
>> that if the Nokia is rebooted, the nokia
>> still has enough buffer to send log to the
>> SmartCenter.
>>
>> I've had several instances where firewall not
>> sending logs to the CMA/Smartcenter
>> and increasing log buffer on the nokia after
>> "cprestart" fixes the problem.
>>
>> HTH
>>
>>
>> Rick Centner wrote:
>> do a netstat -an and look for tcp connection on
>> port 257 bound, you
>> should see a connection to fw in established state.
>>
>> l.x.y.z.257 a.b.c.d.1075 17376 0 66608 0 ESTABLISHED
>>
>>
>> Yann Roger wrote:
>>
>> > Hi people,
>> >
>> > My configuration is the following:
>> > * Firewall-1 NGX 60 - IPSO 3.9 - installed on Nokia appliance IP 385
>> > * SmartCenter installed on a dedicated Windows 2003 server
>> > * The Firewall-1 has several interfaces (2 external and 8 internal).
>> >
>> > From the SmartView Tracker, I can see logs
>> > generated by the management server. However, I have
>> > no logs retrieved from the Nokia IP 385 Firewall-1.
>> >
>> > If I execute the command 'fw log -n' on the Nokia
>> > appliance, I get nothing in output. I assume that no
>> > log is stored on a diskless appliance, however it
>> > should be sent to the SmartCenter.
>> >
>> > Note that all my security rules are configured
>> > with at least log or account level for tracking.
>> >
>> > Does anyone have experience with a problem
>> > between IP 385 appliance and SmartView Tracker for
>> > reporting logs?
>> >
>> > Thanks in advance for your help,
>> >
>> > =================================================
>> > To set vacation, Out-Of-Office, or away messages,
>> > send an email to [EMAIL PROTECTED]
>> > in the BODY of the email add:
>> > set fw-1-mailinglist nomail
>> > =================================================
>> > To unsubscribe from this mailing list,
>> > please see the instructions at
>> > http://www.checkpoint.com/services/mailing.html
>> > =================================================
>> > If you have any questions on how to change your
>> > subscription options, email
>> > [EMAIL PROTECTED]
>> > =================================================
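
The `netstat -an` check discussed in this thread, as an added example that is not part of the original messages: it reads netstat output from either end and reports the state of the log connection on port 257. It goes slightly beyond the thread by accepting both `addr.port` (as in the Nokia output quoted above) and `addr:port` notation; the status labels, function names and sample addresses are constructed for illustration.

```python
import re

LOG_PORT = 257  # log connection port named in the thread
# "addr.port" (as in the Nokia output) or "addr:port" (Windows/Linux netstat)
ENDPOINT = re.compile(r"^(.+)[.:](\d+|\*)$")
STATE = re.compile(r"^[A-Z][A-Z_0-9]*$")

def parse_netstat(text):
    """Yield (local_port, foreign_port, state) for each TCP line."""
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[0].lower().startswith("udp"):
            continue
        ports = []
        for tok in tokens[:-1]:  # last token is the state column
            m = ENDPOINT.match(tok)
            if m:
                ports.append(int(m.group(2)) if m.group(2).isdigit() else None)
        state = tokens[-1].upper()
        if len(ports) >= 2 and STATE.match(state):
            yield ports[0], ports[1], state

def log_channel_status(text, role):
    """role='gateway': outbound to port 257; role='management': inbound on 257."""
    conns = list(parse_netstat(text))
    if role == "gateway":
        states = {s for _, fport, s in conns if fport == LOG_PORT}
        if "ESTABLISHED" in states:
            return "established"
        return "handshake_incomplete" if "SYN_SENT" in states else "no_connection"
    states = {s for lport, _, s in conns if lport == LOG_PORT}
    if not states & {"LISTEN", "LISTENING"}:
        return "not_listening"
    return "established" if "ESTABLISHED" in states else "listening_no_peer"

# Constructed samples (documentation addresses, not taken from the thread).
GATEWAY_SAMPLE = """\
Local Address        Foreign Address      State
192.0.2.10.1571      198.51.100.5.257     SYN_SENT
192.0.2.10.22        192.0.2.50.40112     ESTABLISHED
"""
MGMT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    198.51.100.5:3389      192.0.2.50:40200       ESTABLISHED
"""
if __name__ == "__main__":
    print("gateway:", log_channel_status(GATEWAY_SAMPLE, "gateway"))
    print("management:", log_channel_status(MGMT_SAMPLE, "management"))
```

A `handshake_incomplete` result on the gateway together with `not_listening` on the management server is consistent with the refused telnet to port 257 described in the message above.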
