Wireless Access

Occasional Contributor II
Posts: 37
Registered: ‎04-22-2016

External Firewall Hits Logging

Is there a means by which the controller firewall logs can be forwarded to an external server?

I have already set up the firewall logs under Security in the logging configuration at debugging level and am sending them to an external syslog receiver. I'm seeing the messages, but they are not very useful. Most if not all the messages are deny messages (even in debug mode) and I see a number of denied hits for a destination IP of the wireless client gateway versus the external IP they are attempting to hit.

Bottom line, I'm trying to debug an issue where certain resources are not accessible from a captive role governed by the stateful firewall policy. I would like to be able to see in real time a device being denied access so as to identify resources that are incorrectly being denied.

Guru Elite
Posts: 20,800
Registered: ‎03-29-2007

Re: External Firewall Hits Logging

Type "show datapath session table <IP address of client>" on the command line of the controller to see what is being allowed and denied in real-time.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 37
Registered: ‎04-22-2016

Re: External Firewall Hits Logging

Thank you Colin for the quick reply - I'm aware of that CLI command, but that requires determining the controller the client is connected to, logging in and then replicating the issue. I was hoping to find a way to log that traffic outbound to an external server so as to have both real-time and historical data.

Guru Elite
Posts: 20,800
Registered: ‎03-29-2007

Re: External Firewall Hits Logging

If you are using Airwave, it will automatically locate the controller that the user is on, and you can just use "run a command" for "show datapath session table" on the controller that the user is on.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 37
Registered: ‎04-22-2016

Re: External Firewall Hits Logging

That's an improvement - thank you. However, there is no way to export this data via syslog? Even in debug mode the forwarded firewall logs show mostly UDP and ICMP traffic. The TCP traffic I do see (infrequent hits) appears to be denies destined for the network gateway address - not the actual source IP.

Guru Elite
Posts: 20,800
Registered: ‎03-29-2007

Re: External Firewall Hits Logging

You need to log on all ACLs in the user role to see everything. It can drive the CPU up on the controller to do this, however, so it is not advised to log all sessions in a user role.

What is your problem and what are you trying to do specifically? There might be a better approach.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 37
Registered: ‎04-22-2016

Re: External Firewall Hits Logging

I have a new out-of-the-box Samsung Android tablet I'm testing with and I cannot connect to Google Play. I have a number (20) of stateful firewall rules enabled to allow access to a myriad of places. If I remove the device from the captive state governed by those rules, it connects with no issue, so there is something in the firewall rules that is disallowing access to Google Play. I figured watching the firewall logs would point me in the right direction.

Guru Elite
Posts: 20,800
Registered: ‎03-29-2007

Re: External Firewall Hits Logging

For Google Play, it is tough. Are you using the method here? https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-permit-Google-play-store-access-for-captive-portal-guest/ta-p/181652



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II
Posts: 37
Registered: ‎04-22-2016

Re: External Firewall Hits Logging

Yes, I have set up a Google Play stateful firewall policy with those URLs as well as a number of others, still unable to access the store from a captive state.

Guru Elite
Posts: 20,800
Registered: ‎03-29-2007

Re: External Firewall Hits Logging

What is the output of "show rights <role>"?



Colin Joseph
Aruba Customer Engineering
