Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1101 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SMB traffic port 445 not being logged in logged viewer

Michael_M2

Hi,

I've created a rule to log all traffic from a particular host. I've noticed traffic from port 445 (SMB) isn't being logged in the log viewer.

If I do a packet capture (see below), traffic is being forwarded and the correct rules with logging (19 & 5) but no mention in log viewer.

Is there a reason why traffic isn't being captures in the log viewer?

Michael.



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    that would imply the traffic is not reaching the firewall. Do you have a switch which is either blocking the traffic or routing it to a server?
    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    Hi,

    that would imply the traffic is not reaching the firewall. Do you have a switch which is either blocking the traffic or routing it to a server?
    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Children
  • 0 in reply to rfcat_vk

    It's a virtual firewall in Azure. 10.61.2.6 is a server behind a site to site VPN connection (on the Sophos XG) and 10.13.10.10 is a server in Azure.

    Considering it's in the capture and it's coming in via ipsec0 and out Port A (LAN) would that not mean it's passing through the firewall or am I missing something?