"fw logswitch" command on Log Server fails if its object in SmartDashboard is defined with a NAT IP Address

Support Center > Search Results > SecureKnowledge Details

Solution ID	sk108291
Product	Security Management, Multi-Domain Management
Version	R75, R76, R77, R77.10, R77.20, R77.30
Platform / Model	All
Date Created	21-Oct-2015
Last Modified	21-Oct-2015

Symptoms

"fw logswitch" command on Log Server / Domain Log Server fails with "Failed to connect" error in the following scenario:
- Topology:
  - [ Log Server , Real IP) --- [ NAT device ] --- [ MGMT Server ]
- Configuration:
  - Log Server is defined in SmartDashboard with its NATed IP address
  - NAT device hides the Real IP address of Log Server
Scheduled logswitch on Log Server (configured in SmartDashboard) succeeds.

Running the logswitch under debug shows that "fw logswitch" command tries to connect to the NATed IP Address defined in the Log Server's object instead of the Real IP address of the Log Server machine:

[Expert@HostName:0]# fw -d logswitch <target_filename>
... ... ...
[PID]@HostName[Date Time] fetch_objects: Start
... ... ...
[PID]@HostName[Date Time] logswitch: filename == <target_filename>, server == localhost, sicname == local_sic_name
[PID]@HostName[Date Time] fwclient_do_connect_e: server localhost port 256 sicname local_sic_name
[PID]@HostName[Date Time] fwclient_do_connect_e: calling GetIpXAddrFromObjToConnFromMgmtToModule...
[PID]@HostName[Date Time] No sym, resolved object localhost from object to <NATed_IP_ADDRESS> 
[PID]@HostName[Date Time] fwclient_do_connect_e: hostname localhost hostsicname local_sic_name addr <NATed_IP_hex>
[PID]@HostName[Date Time] fwclient_do_connect_e: addr <NATed_IP_ADDRESS>
[PID]@HostName[Date Time] fw_do_get_all_ipaddrs: called. naddrs=...
[PID]@HostName[Date Time] resolver_getaddrinfo_list: name=<Name_of_Log_Server_Object>, pref=0
[PID]@HostName[Date Time] resolver_getaddrinfo_list: found peer 0 <REAL_IP_ADDRESS>
... ... ...
[PID]@HostName[Date Time] resolver_gethostbyname: Performing gethostbyname for <Name_of_Log_Server_Object>
[PID]@HostName[Date Time] peers addresses are
[PID]@HostName[Date Time] <REAL_IP_ADDRESS>
[PID]@HostName[Date Time] sic_client_do_connect: using server local sic name.
... ... ...
[PID]@HostName[Date Time] fwasync_connected: 19: getpeername: Transport endpoint is not connected
[PID]@HostName[Date Time] fwclient_connected: connection failed
Failed to connect
[PID]@HostName[Date Time] sic_client_connected: SIC error - Client could not connect to server

Cause

"fw logswitch" command on Log Server behaves as if it is a Security Management Server and tries to connect to the IP address defined in the Log Server's object in SmartDashboard.

Since the NATed IP address (defined in the Log Server's object) does not belong to any interface on the Log Server machine, there are no processes listening on that IP address. As a result, the connection fails.

Solution

Note: To view this solution you need to Sign In .