How To Troubleshoot Connection Failures Between Firewall And Log Collector

49091

Created On 02/10/22 18:09 PM - Last Modified 11/14/23 17:35 PM

Log Forwarding

Logs

Device Management

10.0

10.1

Panorama

Log Forwarding app

Strata Cloud Manager

Objective

Troubleshoot Connection Failures Between Firewall And Log Collector

Device > Setup > Services > Service Route Configuration > click Customize > Panorama

If Service Route is set to "Use Management Interface for all" or "Use Default" then from the firewall CLI:
1. Check IP connection between firewall and the log collector (LC).

ping host <IP address of LC>

If ping is successful then proceed to (b) otherwise check physical layer1 and data link layer2 on your network.

Perform a traceroute check to the log collector:
```
traceroute host <IP address of the LC>
```
Similarly perform a traceroute check from the CLI of the log collector to the Management IP address of the firewall.
Check TCP connection between firewall and the log collector.

show netstat numeric-host yes numeric-port yes all yes | match 3978

Connection should show established if not then.

Check Permitted IP Address (Device > Setup> Interfaces > click Management > Permitted IP Addresses)

If a list of IP exist then make sure that Log collector IP address is present in that list.

tcpdump filter "port 3978" snaplen 0

Export the tcpdump packet capture to a scp or tftp server and analyze it to root cause the connection issue between firewall and log collector.

scp export mgmt-pcap from mgmt.pcap to username@host:path

Check the session details on the firewall CLI.
```
show session all filter source <IP address of the dataplane interface> destination <IP address of the LC>
```
Session should show active if discarded then check the firewall's related security policy, nat and routing.

If above checks are done then check if any firewall or device in your network is blocking this connection.