04-22-2018 06:44 PM
We've syslog configured on devices with tcp protocol on port 515. Our passive device syslog connection is breaking every 300 seconds. Can you help in understand why passive palo alto not sending keep-alive?
04-23-2018 10:07 PM
@BPry, It is management interface only. We are getting logs in Monitor > system saying syslog connection broken and in next second syslog connection is established, this logs are with High severity.
04-24-2018 06:25 AM
Assuming that the Active and Passive firewall are not directly plugged into the same switch for management access, have you verified that it isn't actually losing connection to the syslog server? It may be that it actually is losing this connection for a second, hence why the logs are generating.
04-26-2018 05:40 AM
The firewalls (active/passive) makes a tcp connection with syslog server virtual ip configured on load balancer. On load balancer we have tcp idle timeout set to 300 seconds. The load balancer is sending reset packet to passive device after 300 seconds which breaks the connection. My query is why the passive device not sending any keep-alive to keep the tcp connection active???
Also if it sends keep-alive what is it default time, is it more then 300 seconds.
Thanks.
04-26-2018 06:00 AM
To the best of my knowledge the firewall doesn't send a keep-alive, and will allow the connection to the syslog server to close if enough logs are not generated during this time frame; unlike the ESM server that actually sends a keep-alive message that you configure.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
