An internal router is sending UDP keep-alive packets that are being encapsulated with GRE and sent through your R70 Security Gateway to a partner site. A rule for GRE traffic is configured for ACCEPT/LOG. Although the keep-alive packets are being sent every 1 minute, a search through the SmartView Tracker logs for GRE traffic only shows one entry for the whole day (early in the morning after a Policy install).
Your partner site indicates they are successfully receiving the GRE encapsulated keep-alive packets on the 1-minute interval.
If GRE encapsulation is turned off on the router, SmartView Tracker shows a log entry for the UDP keep-alive packet every minute.
Which of the following is the BEST explanation for this behavior?
A.
The Log Server log unification process unifies all log entries from the Security Gateway on a specific connection into only one log entry in the SmartView Tracker. GRE traffic has a 10 minute session timeout, thus each keep-alive packet is considered part of the original logged connection at the beginning of the day.
B.
The Log Server is failing to log GRE traffic property because it is VPN traffic. Disable all VPN configurations to the partner site to enable proper logging.
C.
The log unification process is using a LUUID (Log Unification Unique Identification) that has become corrupt. Because it is encrypted, the R75 Security Gateway cannot distinguish betweenGRE sessions. This is a known issue with the GRE. Use IPSEC instead of the non GRE protocol for encapsulation.
D.
The setting Log does not capture this level of details for GRE Set the rule tracking a action to audit since certain types of traffic can only tracked this way.
A.Confirmed on object gre –> service properties settings –> virtual session timeout–>600 sec