Solved

Logging on Watchguard x5000

Posted on 2006-11-20
3
1,055 Views
Last Modified: 2013-11-16
I am trying to enable logging on our watchguard x5000 firewall. I have a log server and WSM8.3 running on the same client desktop. My log current path is:
 c:/documents and settings/allusers/shared watchguard/logs
I have configured logging on policy manager and saved settings in the normal way. I check in Firebox system manager and in the bottom left hand there is a detail panel which states that  "log server: None"  The firebox crashes every two to three days and i am trying to find out what is causing it by looking at the logs, but i cannot at this stage do so. Can anyone offer any advice?

Thanking you in advance

Eddie
0
Comment
Question by:edjbartos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 13

Accepted Solution

by:
hstiles earned 250 total points
ID: 17987702
Is the firewall running WFS or Fireware Pro?

Could you open a command prompt on your PC and type netstat -an and check the results.  Let's say your log server has IP 192.168.1.5 and your firebox has IP 192.168.1.1, What you should see is

TCP 192.168.1.5:4107              192.168.1.1:XXXXX (some high value port)         ESTABLISHED - This appears to be SOHO, Edge and possibly WFS devices

TCP 192.168.1.5:4115              192.168.1.1:XXXXX (some high value port)         ESTABLISHED - This appears to be Core, Peak or maybe just Fireware Pro devices

If not, do you see TCP 0.0.0.0:4107 and TCP 0.0.0.0:4115?  This indicates that the log server is running.

Is the log machine behind the trusted interface of the Firebox?  If not, you'll need to add a Watxchguard Logging Rule.

Next, check the log security phrase and make sure it's correct.

Finally, it might be worth you re-flashing the FIrebox.  Make sure your configuration is backed up and run the quick set up wizard again to reload the image.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

630 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question