Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 29 subscribers
  • Views 7101 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Log View not showing denied

PMMiller

Much like this post, https://community.sophos.com/products/xg-firewall/f/logging-and-reporting/98950/how-to-log-dropped-firewall-http-s-traffic, I'm noticing that since upgrading to v17 that the log viewer doesn't show all of the blocked traffic.  Is this a bug, or is there a setting need changed? 



This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    today i have a same issue. the case:

    the XG (17.5.4) is only configured with firewall rules

    user want to use a FTP over TLS Connection and the login works and after that the client want to list the directory and this fails. The reason was that there was an firewall rule for port 21 and 6000 to 6100(UDP) but the connection for the ports 6000-6100 runs over TCP and not UDP. In the firewall logs there was no blocking logged. With TCPDUMP i found the failure and accept the TCP Ports and then it works.

    The "new" accepted TCP Ports were logged and other blocking ports were also logged so is not a normal behaviour for me.

    michael

Reply
  • 0

    Hello,

    today i have a same issue. the case:

    the XG (17.5.4) is only configured with firewall rules

    user want to use a FTP over TLS Connection and the login works and after that the client want to list the directory and this fails. The reason was that there was an firewall rule for port 21 and 6000 to 6100(UDP) but the connection for the ports 6000-6100 runs over TCP and not UDP. In the firewall logs there was no blocking logged. With TCPDUMP i found the failure and accept the TCP Ports and then it works.

    The "new" accepted TCP Ports were logged and other blocking ports were also logged so is not a normal behaviour for me.

    michael

Children
No Data