Firewall Analyzer only opening ports for IPv6
Running OPM 12 with
12000_APIClientFix_Apr15th applied.
When I try to add my Palo Alto Networks PA-200 to FWA following the manual, no logs appear.
I can verify through tcpdump that packets are hitting udp/1514 on my OPManager server:
[root@opm12 bin]# tcpdump -nn | grep 1514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:34:51.841734 IP 10.10.10.2.51800 > 10.10.10.101.1514: UDP, length 377
11:34:52.841823 IP 10.10.10.2.51800 > 10.10.10.101.1514: UDP, length 379
11:34:54.842109 IP 10.10.10.2.51800 > 10.10.10.101.1514: UDP, length 373
11:34:54.842117 IP 10.10.10.2.51800 > 10.10.10.101.1514: UDP, length 373
However nothing shows up in the UI for Firewall Log Analysis.
I'm able to monitor the firewall through SNMP.
When I check netstat on the OPManager server for which ports are opened I only get IPv6 UDP ports opened for my FWA syslog listeners:
[root@opm12 bin]# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:13306 0.0.0.0:* LISTEN
tcp 0 0 :::40928 :::* LISTEN
tcp 0 0 :::49793 :::* LISTEN
tcp 0 0 :::58146 :::* LISTEN
tcp 0 0 :::46701 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::2000 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
tcp 0 0 ::1:13306 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 :::514 :::*
udp 0 0 :::519 :::*
udp 0 0 :::35346 :::*
udp 0 0 :::162 :::*
udp 0 0 :::46121 :::*
udp 0 0 :::41650 :::*
udp 0 0 :::48055 :::*
udp 0 0 :::6969 :::*
udp 0 0 :::47418 :::*
udp 0 0 :::69 :::*
udp 0 0 :::41935 :::*
udp 0 0 :::26837 :::*
udp 0 0 :::43618 :::*
udp 0 0 :::35945 :::*
udp 0 0 :::1514 :::*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
Please advise.
Thank you in advance.
When I try to add my Palo Alto Networks PA-200 to FWA following the manual, no logs appear.
I can verify through tcpdump that packets are hitting udp/1514 on my OPManager server:
[root@opm12 bin]# tcpdump -nn | grep 1514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
11:34:51.841734 IP 10.10.10.2.51800 > 10.10.10.101.1514: UDP, length 377
11:34:52.841823 IP 10.10.10.2.51800 > 10.10.10.101.1514: UDP, length 379
11:34:54.842109 IP 10.10.10.2.51800 > 10.10.10.101.1514: UDP, length 373
11:34:54.842117 IP 10.10.10.2.51800 > 10.10.10.101.1514: UDP, length 373
However nothing shows up in the UI for Firewall Log Analysis.
I'm able to monitor the firewall through SNMP.
When I check netstat on the OPManager server for which ports are opened I only get IPv6 UDP ports opened for my FWA syslog listeners:
[root@opm12 bin]# netstat -ln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:13306 0.0.0.0:* LISTEN
tcp 0 0 :::40928 :::* LISTEN
tcp 0 0 :::49793 :::* LISTEN
tcp 0 0 :::58146 :::* LISTEN
tcp 0 0 :::46701 :::* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::2000 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
tcp 0 0 ::1:25 :::* LISTEN
tcp 0 0 ::1:13306 :::* LISTEN
udp 0 0 0.0.0.0:68 0.0.0.0:*
udp 0 0 :::514 :::*
udp 0 0 :::519 :::*
udp 0 0 :::35346 :::*
udp 0 0 :::162 :::*
udp 0 0 :::46121 :::*
udp 0 0 :::41650 :::*
udp 0 0 :::48055 :::*
udp 0 0 :::6969 :::*
udp 0 0 :::47418 :::*
udp 0 0 :::69 :::*
udp 0 0 :::41935 :::*
udp 0 0 :::26837 :::*
udp 0 0 :::43618 :::*
udp 0 0 :::35945 :::*
udp 0 0 :::1514 :::*
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
Please advise.
Thank you in advance.