Firewall Wizards mailing list archives

RE: Netscreen email logging


From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Fri, 27 Sep 2002 11:49:38 -0700

On 27 Sep 2002 at 11:03, Eddy Kalem boldly uttered: 

> Where's the mail host located? Trusted or Untrusted interfaces?


On the 5XP - trusted, on the 25 - untrusted.  Right now I'm in 
testing mode with the 25, I have it in a test network prior to 
installation in the live network.

The only idiosyncrasy in the test network is that since I'm using the 
same routable IPs as the box will use "in real life", they are not 
routable to the internet (my ISP isn't routing someone else's IPs to 
me) so I can't send traffic to the "world at large".  However I have 
this running through a Cisco which is connected directly to and has a 
static route to the subnet which holds the SMTP server.  Connectivity 
to that subnet is fine, I can send traffic both ways normally. (for 
the moment the SMTP server's subnet thinks the route to the 
Netscreen's subnet is through my internal Cisco, instead of my 
external gateway)


> Have you checked your logs as to a possible reason why it's not working?


If you're referring to "get log event" or "get log self" or "get 
alarm event" etc, then yes I've checked those.  No indication it 
either tried or failed to send email logs. (I have no idea if it logs 
this anyway)

I've also looked at the SMTP server logs and there's no indication 
the Netscreen attempted to open an SMTP handshake with it.

 
> I compared your entries to mine and it seems you have the appropriate entries.
> My mail server is on my Trusted interface.
>
> Eddy Kalem


Thanks for your suggestions.. I'm still stumped on this.


-----Original Message-----
From: Philip J. Koenig [mailto:pjklist () ekahuna com]
Sent: Thursday, September 26, 2002 8:07 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] Netscreen email logging


I have tried to get email alerts and logs working with 2 different 
Netscreen boxes (5XP Elite and 25) with no success.  Everything else 
pretty much works as expected except this.  I have asked Netscreen 
support about it more than once and get the equivalent of a shrug 
from them.

Is there some secret to this I'm missing?  Here are the relevant 
entries from the configuration file:

set admin mail alert
set admin mail traffic-log
set admin mail server-name <hostname or IP>
set admin mail mail-addr1 <email address>


I've finally gotten used to their idiosyncrasy of needing a manual 
route entry for any network that receives or sends to the firewall 
itself, so this isn't the problem.


--
Philip J. Koenig                                       pjklist () ekahuna com
Electric Kahuna Systems -- Computers & Communications for the New Millenium

