Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 7481 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

web activity not showing

TarekHalloun

hello 

i replaced an old TMG with the xg appliance as gateway 

i set up the rules as shown in the pictures , but i am facing 2 issues :

  • the bandwidth showing in the control center is bigger than my current internet bandwidth
  • i have 0 web activity
  • i have a rule that showing no passthrough whatsoever

do i need a Lan-to-lan rule if im using the proxy rule ? does the firewall rules work from up to down (like the TMG ?) 

i have several subnet connected by static routed to the XG .. i added the ip normally but did not have any place to add the subnet of the ip 

 



This thread was automatically locked due to age.
Parents
  • 0

    There is a little delay in the bandwidth shown on the page.

    The web reports are for the previous 24 hours

    Rules are parsed top to bottom and they look ok the way you have them setup other than

    1. You don't need lan to lan rule. Lan traffic would never hit the firewall.

    2. Rule 5 is most likely passing all the traffic and the rules below are only allowing ports that are not covered by rule 5

    Hope this helps.

     

  • 0 in reply to Billybob

    hello billybob and thank you 

    i removed the lan rule , it had no activity whatsoever 

    as for the rule 5 (the proxy) this means the internet is opened for everyone right ? the rule beneath it are not blocking http and https true ?!

    can i remove it and keep the other rules working ? 

     

     

    also for the web activity , it is more than 48 hours and more than 20 GB of internet but still no web activity showing- i think now because of the proxy

  • 0 in reply to TarekHalloun

    you don't need port 3128 for http proxy in rule 5 unless you need upstream proxy for internal clients. Maybe that is what is messing with your 24 hour web history. If you enable web categorization or http/s filtering in your firewall rule XG's web proxy will automatically pick up those connections.

    If you want to apply users rules as you have below rule 5, you can safely disable rule 5 and your users rule will be more effective. Right now most of your traffic is handled by that rule regardless of the other rules underneath. The last deny rule (rule 1) is optional. I usually use such a rule to see what traffic is being denied. Technically the firewall should show a drop for traffic that is not processed by any rule but some people claim that they don't see all the denied traffic so your rule1 won't won't hurt anything.

Reply
  • 0 in reply to TarekHalloun

    you don't need port 3128 for http proxy in rule 5 unless you need upstream proxy for internal clients. Maybe that is what is messing with your 24 hour web history. If you enable web categorization or http/s filtering in your firewall rule XG's web proxy will automatically pick up those connections.

    If you want to apply users rules as you have below rule 5, you can safely disable rule 5 and your users rule will be more effective. Right now most of your traffic is handled by that rule regardless of the other rules underneath. The last deny rule (rule 1) is optional. I usually use such a rule to see what traffic is being denied. Technically the firewall should show a drop for traffic that is not processed by any rule but some people claim that they don't see all the denied traffic so your rule1 won't won't hurt anything.

Children