
[FW-1] problem with FW1_LOG protocol from one of my interfaces



Hi everybody,
I work for an Italian national institution and we have recently been experiencing
a small log problem. Let me briefly explain our configuration:

3 firewalls: it's a 2-bastion defense system with 2 front-end FWs and 1 back-end
FW. They're installed on IBM RISC 6000, 256 MB, OS AIX 4.3.3, FW-1
CP 4.1 SP3. The back-end FW is an EPC (management + FW with unlimited
hosts license) whereas the front-end FWs are 2 modules (unlimited as well).
The reason for the expensive licensing choice is not easily explainable,
just do not consider it.

One of the front-end FWs has 7 NICs and one of them (of course) is
directly linked to the management. Let's call this interface "en2". This
interface has not sent any log messages to the management for
a couple of months; we have not yet tried a reboot, because I thought
I would write here first. In particular this is what I found:

1) If I ping one of the interfaces from the internal network I only record
the echo request and reply passing through the back-end FW
(the management); no logs are produced from en2.

2) If I ping an object which is placed outside the front-end FW (like
a router or another system) I see entries in the log file coming from
the back-end FW and from the external interface of the front-end FW,
but still nothing is coming from en2.

By the way, the ping succeeds, as expected, but it is not logged
by en2, though tracking was enabled on its firewall.

I do not use implied rules; I explicitly permit the echo "up and down"
flow. I used tcpdump to monitor the en2 activity and no FW1_LOG packets
(TCP 257) have been produced, whereas similar monitoring on the
other front-end FW gives the expected results (echo request and reply
+ TCP 257 flow directed towards the management).

The anti-spoofing rules have been set correctly (since a similar
configuration on the other FW works properly).

Do you have any idea? Are there any parameters I should look into,
maybe in the "conf" or "lib" directory conf files?

Thanks in advance and sorry for my English and my FW-1 ignorance as well

Best regards

Alessio Pierotti - Rome
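The check the poster describes (capturing on each interface with tcpdump and looking for FW1_LOG connections on TCP 257 towards the management station) can be turned into a repeatable comparison across interfaces. The script below is an added example, not code from the poster or from Check Point: it parses classic tcpdump text output (the "src.port > dst.port:" form that tcpdump prints on AIX-era versions) and reports which interfaces saw the tracked echo traffic but produced no TCP/257 flow to the management. The capture lines, the interface labels "fw-a:en2" / "fw-b:en2" and the management address 192.0.2.10 are all constructed for the example.

```python
import re

# FW-1 log forwarding from a module to its management station uses TCP port 257 (FW1_LOG).
FW1_LOG_PORT = 257

# Classic tcpdump TCP line: "hh:mm:ss.ffffff a.b.c.d.sport > e.f.g.h.dport: flags ..."
TCP_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)
# Classic tcpdump ICMP echo line: "hh:mm:ss.ffffff a.b.c.d > e.f.g.h: icmp: echo request|reply"
ICMP_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\s+>\s+(?P<dst>\d+\.\d+\.\d+\.\d+):\s+"
    r"icmp:\s+echo\s+(?P<kind>request|reply)"
)

# Constructed captures (assumption: one "tcpdump -i <if>" run per interface, kept separately).
MANAGEMENT_IP = "192.0.2.10"
CAPTURES = {
    # healthy module: echo traffic tracked and a FW1_LOG connection opened to the management
    "fw-a:en2": [
        "12:00:00.000001 192.0.2.20 > 198.51.100.1: icmp: echo request",
        "12:00:00.000900 198.51.100.1 > 192.0.2.20: icmp: echo reply",
        "12:00:00.001200 192.0.2.5.1034 > 192.0.2.10.257: S 12345:12345(0) win 8760 <mss 1460>",
        "12:00:00.001800 192.0.2.5.1034 > 192.0.2.10.257: P 12346:12410(64) ack 1 win 8760",
    ],
    # the symptom from the post: echo traffic passes, but nothing is sent to TCP 257
    "fw-b:en2": [
        "12:00:05.000001 192.0.2.21 > 198.51.100.2: icmp: echo request",
        "12:00:05.000700 198.51.100.2 > 192.0.2.21: icmp: echo reply",
        "12:00:05.002000 192.0.2.21.40123 > 198.51.100.2.22: S 9999:9999(0) win 8760",
    ],
}


def classify_capture(lines, management_ip):
    """Count echo traffic and FW1_LOG (TCP/257) segments sent to the management station
    in one interface's capture. Lines that match neither pattern are counted as unparsed."""
    counts = {"echo_request": 0, "echo_reply": 0, "fw1_log_to_mgmt": 0, "other_tcp": 0, "unparsed": 0}
    for line in lines:
        m = ICMP_LINE.match(line)
        if m:
            counts["echo_" + m.group("kind")] += 1
            continue
        m = TCP_LINE.match(line)
        if m:
            if int(m.group("dport")) == FW1_LOG_PORT and m.group("dst") == management_ip:
                counts["fw1_log_to_mgmt"] += 1
            else:
                counts["other_tcp"] += 1
            continue
        counts["unparsed"] += 1
    return counts


def find_silent_interfaces(captures, management_ip):
    """Return the interfaces whose capture shows the tracked echo traffic but no FW1_LOG
    segment towards the management: exactly the en2 behaviour described in the post."""
    silent = []
    for ifname, lines in captures.items():
        c = classify_capture(lines, management_ip)
        saw_tracked_traffic = c["echo_request"] + c["echo_reply"] > 0
        if saw_tracked_traffic and c["fw1_log_to_mgmt"] == 0:
            silent.append(ifname)
    return sorted(silent)


if __name__ == "__main__":
    for name, lines in CAPTURES.items():
        print(name, classify_capture(lines, MANAGEMENT_IP))
    print("interfaces passing traffic but sending no FW1_LOG:", find_silent_interfaces(CAPTURES, MANAGEMENT_IP))
```

On a real box the input would be the saved text of one tcpdump run per interface; the comparison only flags an interface when it actually carried the tracked traffic, so an idle interface is not mistaken for a broken one.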
