Sorry, saw the fw fetch about the time I hit send, doh.
One other question, is the FW local or remote to the SCS? Any NAT?




________________________________
From: Gary Scott <[email protected]>
To: [email protected]
Sent: Thursday, January 29, 2009 10:52:19 PM
Subject: Re: [FW-1] R60 VPN-1 module won't log to Smartcenter

Have you tried deleting or moving the entire contents of the log directory on 
the SCS? Do a cpstop before clearing the dir. Does a fw fetch work?

-GS




________________________________
From: David Aitchison <[email protected]>
To: [email protected]
Sent: Thursday, January 29, 2009 10:35:48 PM
Subject: [FW-1] R60 VPN-1 module won't log to Smartcenter

Hi everybody,

I'm having a lot of trouble getting an R60 Secureplatform firewall to
log to an R60 Smartcenter server.  Logging issues I'm sure are familiar
to all of us, but I've never come across one as persistent as this. 
I've worked through all the usual SecureKnowledge documents,
reinitialized SIC, checked the masters file, hosts file, name
resolution, etc, etc, to no avail.

Unlike previous logging issues I've worked through, there is actually a
257/tcp connection being established to the Smartcenter.  Name
resolution is therefore working.  A full 3-way handshake occurs, there
are 10-15 packets passed to and fro (looks like a certificate exchange),
and then the module makes an orderly FIN/ACK disconnection from the
Smartcenter.  This repeats every 15 seconds.  Local logging on the
firewall module shows the accepted FW1_log connections matching on
"Implied rule".

I suspect a certificate validation problem, but every SIC check I've
performed has reported OK, and pushing policies from the SmartCenter
works fine, as does pulling the policy off the Smartcenter (`fw fetch
<Smartcenter_address>`).  There are no control logs being generated on the
firewall module, and no unusual log entries in all the other .elg logs. 
Wondering if there was something corrupt in local configuration, I
resorted today to rebuilding the firewall module from scratch, but still
have the same problem.

Has anyone seen the same behavior in their own environment?

Regards,
Dave Aitchison.

Scanned by Check Point Total Security Gateway.


=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================




