06-01-2012 11:01 AM
I have a router just outside my PAN 500, ver 4.0.5. I need to get syslog information in from it for my PCI requirements. Here is my setup:
The following objects are defined:
INT-NPM Syslog server, IP address 172.15.10.8
TWC-RTR Router, 197.148.156.124
TWC-NPM NAT address for INT-NPM, 197.148.156.150
TWC-NAT Internal NAT for TWC internet comm; 197.148.156.253
Services: Syslog: 514/TCP and Syslog-UDP: 514/UDP
The following policies are defined:
NAT:
Internal to External, no dest int, Source INT-NPM, any dest, any service, IP: static-ip, Translated Address: TWC-NPM, BI-dir YES.
Security:
External to ANY, User ANY, HIP Profile ANY, Dest zone Internal, address WTC-NPM, Any application, both Syslog services, action ALLOW
What I get in the traffic log when I force a change that results in a syslog-able event, is this:
Time, drop, frm External, to Internal, source 197.148.156.124, destination 197.148.156.150, to port 514, action deny.
Any idea what I am doing wrong? I had it setup the same as my exchange server (different services) but it always seemed ot deny the traffic (falling down to my catch-all rule). I've tried teh destination as the external NAT address and teh internal address in the security rule: neither seems to work.
Message was edited by: rhanna@lamadeleine.com
06-08-2012 07:25 AM
Unfortunatyely that was me mis-typing the IP address here, not in the PA. Sorry.
06-08-2012 07:35 AM
Your NAT and security rules appear to be correct. I recommend you contact Support and open a case. Thanks.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
