Display Local Logs for inbound and outbound traffic of Sophos Firewall Interfaces

Hello,

I've installed SFOS 19.0.1 MR-1-Build365 in my environment

I have 3 interfaces - WAN, LAN and DMZ - and selected ICMP enabled for both the LAN and DMZ interfaces in the Administration -> Device access tab

In each zone I have installed a test host whose default GW points to the Sophos interface IP address

I've enabled in System Services -> Log Settings -> all the logs including local ACLs

Now when I try to ping the default GW from any of the test hosts, I expected to see those logs under Sophos -> Log viewer, but without any success.

From what I understand, Log viewer only shows transit traffic logs in Log Viewer -> Firewall

My question is: where can I locate all the inbound and outbound traffic logs in the Sophos GUI? Is it supported?

For example, if somebody from the internet pings my Sophos WAN interface IP address, it's blocked and I want to see a correlated log about it.

Or when somebody pings the Sophos LAN interface IP address from the DMZ -> will it be logged? Under what category?

How can I see those mentioned logs?

Just to confirm, I do see this traffic when enabling Packet capture under Diagnostics tab.

Thanks in advance.



This thread was automatically locked due to age.
  • Hello there,

    Thank you for contacting the Sophos Community.

    You could use the Log Viewer and Filter by

    Firewall > Add Filter > 

    Field = Protocol

    Condition = is

    Value = ICMP

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi,

    What you suggest still doesn't show me the logs I'm looking for.

    Firewall only shows transit logs based on my understanding. And if the traffic is destined to any of the Sophos Firewall interfaces, those logs are not presented under Firewall logs even if I apply a specific ICMP filter. Seems like this kind of traffic is marked differently than firewall category traffic.

    This is my query and I don't know where to look for these inbound traffic logs. I thought that it should be straightforward like in any other FW vendor but seems like not.

    Any help is appreciated.

    Thanks.
