
Diagnose traffic/packet drop


Hafiz Nizar


Hi guys,

 

I need your help. Currently we have an email security app that sits behind our firewall.

So when an email comes, it will hit the ADC first, then get passed to the email security via the firewall.

 

A few days ago, we had an issue whereby email from some outside client/domain couldn't reach the email security.

So I want to check on the ADC what happens when the email from that domain reaches our ADC.

 

What is the best way to diagnose this? I want to check if any security features on the ADC made the email drop if any.

 

Thanks


If you don't see anything in the logs, maybe you should create an audit message action and a responder policy.

 

Something like this (this is only an example):

 

add audit messageaction audit_log_mail INFORMATIONAL "\"alertType=NS  Log - clientIP=\" + CLIENT.IP.SRC +\" VIP=\" + CLIENT.IP.DST "
add responder policy test_mail "CLIENT.IP.SRC.BETWEEN(98.120.120.0,98.120.120.55)" NOOP -logAction audit_log_mail

 

If you know what you are looking for, you can have a different rule in the policy.

Bind this to the vip.

 

 

Make sure the user-defined logs go to syslog.

 

# show syslogparams

 UserDefinedLogging: YES   if it is enabled.

 

If not, you have to:

 

# set syslogparams -userDefinedAuditlog YES

 

Then you can check /var/log/ns.log.
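One way to read the result once the policy is bound and logging, as an added example that is not part of the original post: a shell function that counts the audit_log_mail hits per client IP and VIP, so a sender range with no hits stands out. The function names and the sample lines are constructed; the syslog prefix in the sample is an assumption and only the "clientIP=... VIP=..." message text from the action above is relied on (IPv4 only).

```shell
#!/bin/sh
# Added example: summarise hits written by the audit_log_mail message action.

summarize_mail_hits() {
    # $1 = log file, e.g. /var/log/ns.log
    # Output: "count clientIP VIP", most frequent pair first.
    awk '
        /alertType=NS +Log - clientIP=/ {
            ip = ""; vip = ""
            # "clientIP=" is 9 characters, "VIP=" is 4
            if (match($0, /clientIP=[0-9.]+/)) ip  = substr($0, RSTART + 9, RLENGTH - 9)
            if (match($0, /VIP=[0-9.]+/))      vip = substr($0, RSTART + 4, RLENGTH - 4)
            if (ip != "" && vip != "") hits[ip " " vip]++
        }
        END { for (k in hits) print hits[k], k }
    ' "$1" | sort -k1,1nr -k2,2
}

write_sample_log() {
    # Constructed sample lines; the prefix is not a real ns.log layout.
    cat > "$1" <<'EOF'
Oct 12 10:15:01 adc01 RESPONDER Message : "alertType=NS  Log - clientIP=98.120.120.10 VIP=203.0.113.25"
Oct 12 10:15:02 adc01 RESPONDER Message : "alertType=NS  Log - clientIP=98.120.120.42 VIP=203.0.113.25"
Oct 12 10:15:03 adc01 some unrelated event line
Oct 12 10:15:09 adc01 RESPONDER Message : "alertType=NS  Log - clientIP=98.120.120.10 VIP=203.0.113.25"
EOF
}

# Run against a real file when a path is given: sh mailhits.sh /var/log/ns.log
if [ -n "${1:-}" ]; then
    summarize_mail_hits "$1"
fi
```

A source address that produces no line at all never matched the policy on that VIP, which narrows down where to look next.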

 

 
