Problem Description
I am running into a situation where no logging information is being
received by the Firewall manager from the inspection modules.
Specifically, the modules are unable to establish a TCP logging session
(port 257) to the firewall management server.  On the packet sniffer
(NetXray), I can see the TCP session initiated by the inspection modules
only to be reset by the firewall manager after a few short
exchanges.  The exchange always gets reset after some reference to S/Key.
What is strange is that a session initiated by the firewall manager to the
inspection modules (i.e., installing policy) works just fine.  So, this seems
to be a one-way authentication problem.

Has anyone seen this problem before?

Routing is working as I can ping and traceroute.  I can also see the System
Status just fine.  The number of accepted entries is increasing but no
logging information appears in the log viewer.  The log viewer has no
filters set.  Logging files on the Inspection modules are increasing and
when copied to the FW manager server, they look fine.

Our reseller technical support have not been able to resolve this problem
for a few months.  Hopefully, one of you can help shed some light on this
matter or point me in the right direction.

Thanks in advance for your help!!!

Setup info
1 Firewall policy is set to:  source=any, destination=any, service=any,
action=accept, track=long
All FW components are running FW 3.0B patch 3083 VPN +DES edition with NT
4.0 SP3
Each of the 3 Inspection modules runs with NT RRAS with OSPF enabled on all
3 NICs
Inspection modules and the firewall manager are on 2 different IP subnets
