Thanks a lot for all your input guys. I still haven't had the chance to get my hands on those boxes, that was supposed to happen today, but my customer called to cancel and it will be tomorrow afternoon.
My customer deployed the remote Nokia on his own and basically all the boxes involved (local Cluster, SMC and remote Nokia) are located within a large WAN, so there should be no NAT required for the remote Nokia to talk to the SMC as the network should be able to route traffic destined to the real IP of that machine. Furthermore, I mentioned we are in fact seeing TCP/257 traffic sourced on the Remote Nokia and destined to the SMC, on the logs generated by the Cluster and those connections appear as accepted, so that means a couple of things: 1. The Remote Nokia is in fact sending logs 2. The traffic is being routed properly by the WAN as it is reaching the cluster that lays right in front of the SMC Tomorrow I will check if NAT rules exist for the SMC and if fw monitor on the SMC show any traffic coming from the remote Nokia and start from there. Several of your suggestions will be very useful during my troubleshooting session tomorrow, so I really appreciate them. I'll let you know what happens. Regards On 7/19/07, Rajeev Gupta <[EMAIL PROTECTED]> wrote:
I would start like this: Do a 'netstat -an | grep 257', for example, to see your module/s connection status - is it established to the SMC IP or what??? Second debug 'fwd' on both the SMC and FW module 'fw debug fwd on' - leave it on for a minute or two to capture data and look through '$FWDIR/log/fwd.elg' files on both SMC and the Module/s. The above two should tell you quite a story to move further w/ appropriate steps logically. If you so wish, you can post your netstat output and/or debug output - I do not mind it offline if you so wish. hth, Rajeev On 7/18/07, Sergio Alvarez <[EMAIL PROTECTED]> wrote: > > Hello, > > We have a deployment with a SmartCenter (SMC) over SPLAT, a couple of > Nokia > boxes running IPSO Clustering in front of that SMC, and an extra fw module > also running over Nokia in a remote location. > > Everything runs Check Point NGX R60 HFA05. > > The remote fw module is new and we have SIC working properly, it is > possible > to install the policy on it with no issues and we see traffic in TCP/257 > (FW1_log) passing though the Cluster with the remote module as the source > and the SMC as the destination, but those logs are not shown in the SV > Tracker. > > There is nothing between the Cluster and the SmartCenter so we are sure > this > traffic must be reaching the SMC network, so do you guys know of any > reason > why logs could reach a SMC but not be displayed in the SV Tracker??? > > We will do extra tests tomorrow with me on site, but I just can't think > what > could be wrong.... > > Any assistance with this issue will be very appreciated. > > Regards > > -- > Sergio Alvarez > (506)8301342 > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
-- Sergio Alvarez (506)8301342 ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
