remote MX logging

raj_t
Just browsing

Syslog server is across the tunnel, and it doesn't seem to work. On the remote firewall, I don't see any traffic hits for the syslog server from the MX internal IP. There are a few rules with logging enabled and the count on them is increasing.

ww
Kind of a big deal

If you take a packet capture of the tunnel traffic and filter the traffic on your syslog port, do you see any traffic?

raj_t
Just browsing

Packet capture for the site-to-site VPN interface turns up blank with no filters applied. We have continuous and considerable usage across the tunnel, so it should not turn up blank. I can capture and see traffic on the other side of the tunnel for everything except from the Meraki firewall internal interface. The other side is a Palo Alto.

BrechtSchamp
Kind of a big deal

Are you looking at the correct firewall? The regular firewall doesn't interfere with traffic inside VPN tunnels, so it would be normal that you don't see the counters increasing in that one. The one at the bottom of the site-to-site VPN page should though.

Can you ping the syslog server from the remote network?

As I understand, logging has to be enabled on the actual firewall policy to be sent to syslog, which I have on a few rules that are used considerably. Outbound traffic from the firewall internal IP is allowed across the site-to-site VPN. The remote tunnel peer is a Palo Alto, and we have an SNMP server on that site which is able to poll the Meraki firewall. I just don't see any traffic from the MX internal IP to the configured syslog server.
