
Blocked traffic not logged - Bug

Today, one of my external connections was not working, so I decided to have a look at the Security Logs to see which port this application uses.

Blocked traffic is not logged. I filtered by destination IP (because I know the IP), but nothing appears. No filter, same result.

So to know which port was used, I created a Policy rule allowing ALL and then I was able to find the destination port.

This is a bug. Can someone do this test?

Luk



This thread was automatically locked due to age.
  • Hello everyone. Just started testing XG Firewall SFOS 17.0.6 MR-6 and I can confirm that in 2018 the symptoms persist.

    It would be great if a Sophos engineer could explain this behavior: all blocked outbound traffic from LAN to ANY is indeed blocked by default, but it is not logged anywhere.

    By adding a "DENY ALL THE REST" rule at the bottom, I could capture the dropped packets. An in-depth explanation of the firewall chains would be welcome.

    Could this be corrected with a minor release?

     

    Chris

  • Hello

    XG logging needs a serious facelift. You cannot do a clean-up rule like all other firewalls on the planet. An "any-any-any drop" rule will inevitably lead to false reporting in log files.
