Support Center > Search Results > SecureKnowledge Details
"fw logswitch" command on Log Server fails if its object in SmartDashboard is defined with a NAT IP Address Technical Level
  • "fw logswitch" command on Log Server / Domain Log Server fails with "Failed to connect" error in the following scenario:

    • Topology:
      • [ Log Server , Real IP) --- [ NAT device ] --- [ MGMT Server ]
    • Configuration:
      • Log Server is defined in SmartDashboard with its NATed IP address
      • NAT device hides the Real IP address of Log Server
  • Scheduled logswitch on Log Server (configured in SmartDashboard) succeeds.

  • Running the logswitch under debug shows that "fw logswitch" command tries to connect to the NATed IP Address defined in the Log Server's object instead of the Real IP address of the Log Server machine:

    [Expert@HostName:0]# fw -d logswitch <target_filename>
    ... ... ...
    [PID]@HostName[Date Time] fetch_objects: Start
    ... ... ...
    [PID]@HostName[Date Time] logswitch: filename == <target_filename>, server == localhost, sicname == local_sic_name
    [PID]@HostName[Date Time] fwclient_do_connect_e: server localhost port 256 sicname local_sic_name
    [PID]@HostName[Date Time] fwclient_do_connect_e: calling GetIpXAddrFromObjToConnFromMgmtToModule...
    [PID]@HostName[Date Time] No sym, resolved object localhost from object to <NATed_IP_ADDRESS> 
    [PID]@HostName[Date Time] fwclient_do_connect_e: hostname localhost hostsicname local_sic_name addr <NATed_IP_hex>
    [PID]@HostName[Date Time] fwclient_do_connect_e: addr <NATed_IP_ADDRESS>
    [PID]@HostName[Date Time] fw_do_get_all_ipaddrs: called. naddrs=...
    [PID]@HostName[Date Time] resolver_getaddrinfo_list: name=<Name_of_Log_Server_Object>, pref=0
    [PID]@HostName[Date Time] resolver_getaddrinfo_list: found peer 0 <REAL_IP_ADDRESS>
    ... ... ...
    [PID]@HostName[Date Time] resolver_gethostbyname: Performing gethostbyname for <Name_of_Log_Server_Object>
    [PID]@HostName[Date Time] peers addresses are
    [PID]@HostName[Date Time] <REAL_IP_ADDRESS>
    [PID]@HostName[Date Time] sic_client_do_connect: using server local sic name.
    ... ... ...
    [PID]@HostName[Date Time] fwasync_connected: 19: getpeername: Transport endpoint is not connected
    [PID]@HostName[Date Time] fwclient_connected: connection failed
    Failed to connect
    [PID]@HostName[Date Time] sic_client_connected: SIC error - Client could not connect to server

"fw logswitch" command on Log Server behaves as if it is a Security Management Server and tries to connect to the IP address defined in the Log Server's object in SmartDashboard.

Since the NATed IP address (defined in the Log Server's object) does not belong to any interface on the Log Server machine, there are no processes listening on that IP address. As a result, the connection fails.

Note: To view this solution you need to Sign In .