20.7 Legacy Series / NAT Rules logging not working
« on: November 20, 2020, 02:58:48 pm »
Hi,
I have a problem with NAT rules and logging.
It does not work as expected. I have configured a remote syslog server and send all logs that way. I receive all logs about block / pass rules but no information about NAT rules.
Background is, we have a VPN gateway with some 1000 users which are NATed to 4 IP addresses. If we have users with infected devices we get the information from our CERT, but they send us the external NATed IP, port and timestamp.
To get the real user I need the NAT states, i.e. which internal IP triggered the CERT rule for bot/virus/worm traffic. Normally we get the information with a 24-48h delay.
The NAT rule certainly has the Log option enabled. I also see the NAT state rules under Firewall/Diagnostics/pfInfo. But no logging.
Any ideas? Is it a bug?
Regards, Martin