Hi Gary, I wasn't going to pick you up on the 'fw fetch' oversight. That never pays when you're begging for help...
The firewall is local to the SCS - it's on the internal LAN, no NAT involved, connected within the same broadcast domain. In case it's relevant, we have several other R60 firewalls managed by the same SCS, with no policy push/fetch or logging problems evident. All firewalls are running the same hotfix (only a few behind current, at HFA_05).

Dave.

On Thu, 29 Jan 2009 20:08:15 -0800, "Gary Scott" <[email protected]> said:
> Sorry saw the fw fetch bout the time I hit send, doh
> One other question, is the FW local or remote to the SCS? Any NAT?
>
> ________________________________
> From: Gary Scott <[email protected]>
> To: [email protected]
> Sent: Thursday, January 29, 2009 10:52:19 PM
> Subject: Re: [FW-1] R60 VPN-1 module won't log to Smartcenter
>
> Have you tried deleting or moving the entire contents of the log
> directory on the SCS, do a cpstop before clearing the dir.? Does a fw
> fetch work?
>
> -GS
>
> ________________________________
> From: David Aitchison <[email protected]>
> To: [email protected]
> Sent: Thursday, January 29, 2009 10:35:48 PM
> Subject: [FW-1] R60 VPN-1 module won't log to Smartcenter
>
> Hi everybody,
>
> I'm having a lot of trouble getting an R60 Secureplatform firewall to
> log to an R60 Smartcenter server. Logging issues I'm sure are familiar
> to all of us, but I've never come across one as persistent as this.
> I've worked through all the usual SecureKnowledge documents,
> reinitialized SIC, checked the masters file, hosts file, name
> resolution, etc, etc, to no avail.
>
> Unlike previous logging issues I've worked through, there is actually a
> 257/tcp connection being established to the Smartcenter. Name
> resolution is therefore working. A full 3-way handshake occurs, there
> are 10-15 packets passed to and fro (looks like a certificate exchange),
> and then the module makes an orderly FIN/ACK disconnection from the
> Smartcenter. This repeats every 15 seconds. Local logging on the
> firewall module shows the accepted FW1_log connections matching on
> "Implied rule".
>
> I suspect a certificate validation problem, but every SIC check I've
> performed has reported OK, and pushing policies from the SmartCenter
> works fine, as does pulling the policy off the Smartcenter
> (`fw fetch <Smartcenter_address>`). There are no control logs being
> generated on the firewall module, and no unusual log entries in all the
> other .elg logs. Wondering if there was something corrupt in local
> configuration, I resorted today to rebuilding the firewall module from
> scratch, but still have the same problem.
>
> Has anyone seen the same behavior in their own environment?
>
> Regards,
> Dave Aitchison.
>
> Scanned by Check Point Total Security Gateway.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
