Clean Up rule "from any, to any, drop" that allows traffic on the Internet anyway!!! WTF?

Hello, can anyone explain that to me?

I have a clean up rule (no. 3) "from any, to any, drop" that allows traffic on the Internet anyway!!! See the rule and the log below.

Is it me, or is this a very serious issue?

  • Yeah, this would be a serious issue if the Log Viewer was truly reflecting what's happening.

    Unfortunately the Log Viewer is mostly broken and doesn't report correctly on what the device is doing.

    If you want to really know what's happening, access the XG Firewall via SSH and use the command line tools.

    The GUI is useful for creating objects, rules, interface status and the occasional report. Serious log analysis using the GUI will just leave you frustrated, confused, with no hair and an endless stream of swearing.

  • ChrisKnight said:

    Yeah, this would be a serious issue if the Log Viewer was truly reflecting what's happening.

    Unfortunately the Log Viewer is mostly broken and doesn't report correctly on what the device is doing.

    If you want to really know what's happening, access the XG Firewall via SSH and use the command line tools.

    The GUI is useful for creating objects, rules, interface status and the occasional report. Serious log analysis using the GUI will just leave you frustrated, confused, with no hair and an endless stream of swearing.

    Hi Chris,

    I'm really glad you posted this because I've had dozens of issues based on strange GUI log entries that I have placed into 1 of 2 large buckets: (1) major defect; or (2) the device is lying to me. Based on your post, it seems like #2 is the winner.

    Would you also say syslog reporting is erroneous as well?

    Also, and you may not know, but would you say the UTM suffers the same lack of reliable logging? Is this just that Sophos isn't making the best stuff? Or is the XG maybe just still too green?

    I really want to like the Sophos gear, but boy, if they aren't making it difficult...

  • My understanding by looking at the various scripts and binaries installed in SFOS is that pretty much everything is thrown into a Postgres database and all the reporting is done out of this.

    Hence the Log Viewer is broken due to some god-awful SQL queries.

    I haven't looked at the syslog stuff. If syslog is also chucked into the Postgres database then it also could be screwed over by poorly written SQL queries. If you want to make sure, shell into the box and filter /var/tslog/syslog.log.

    The underlying Open Source components are all pretty robust. It's just unfortunate that it's either missing bits (like comprehensive IPv6 support and a solid, well-tested MTA) or has some poorly written substitutes (hello warrenmta). We can all see how well the custom bits that sit over the top of it all go. You only have to read all these threads on the forums...

    I don't know about the UTM unfortunately.

    Ditto on your last sentence.
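The post above suggests checking the raw log on the box instead of trusting the Log Viewer. The script below is an added example, not code from this thread or from Sophos, showing one way to do that check from a POSIX shell with grep, sed and awk: it pulls the lines logged under a given firewall rule id and counts them per status, so a claim like "rule 3 allowed this" can be compared with what the log file itself says. It assumes the log uses key=value fields that include `fw_rule_id=N` and `status="Allow"` or `status="Deny"`; that layout and the sample lines are assumptions constructed for the example. On the firewall you would point it at the path the post names, `/var/tslog/syslog.log`, or at an exported copy.

```shell
#!/bin/sh
# Added example (not from the thread or from Sophos): summarise a firewall log
# by rule id and status so the Log Viewer's claim can be checked against the
# raw log. Assumed layout: key=value fields with fw_rule_id=N and status="...".

# Constructed sample lines in that assumed layout (not real log data).
# On the firewall, replace SAMPLE_LOG with /var/tslog/syslog.log or an export.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
device="SFW" date=2018-01-01 time=10:00:01 log_type="Firewall" log_subtype="Denied" status="Deny" fw_rule_id=3 src_ip=10.0.0.5 dst_ip=203.0.113.10 dst_port=443
device="SFW" date=2018-01-01 time=10:00:02 log_type="Firewall" log_subtype="Allowed" status="Allow" fw_rule_id=1 src_ip=10.0.0.6 dst_ip=203.0.113.20 dst_port=80
device="SFW" date=2018-01-01 time=10:00:03 log_type="Firewall" log_subtype="Denied" status="Deny" fw_rule_id=3 src_ip=10.0.0.7 dst_ip=203.0.113.30 dst_port=22
device="SFW" date=2018-01-01 time=10:00:04 log_type="Firewall" log_subtype="Allowed" status="Allow" fw_rule_id=1 src_ip=10.0.0.6 dst_ip=203.0.113.20 dst_port=443
device="SFW" date=2018-01-01 time=10:00:05 log_type="Firewall" log_subtype="Denied" status="Deny" fw_rule_id=3 src_ip=10.0.0.8 dst_ip=203.0.113.40 dst_port=25
EOF

# rule_lines FILE RULE_ID: print only the lines logged under that rule id.
# The ( |$) keeps rule id 3 from also matching 30, 31, ...
rule_lines() {
    grep -E "fw_rule_id=$2( |\$)" "$1"
}

# count_status FILE RULE_ID STATUS: number of lines for RULE_ID with that status.
# grep -c prints 0 and exits non-zero on no match, so swallow the exit code.
count_status() {
    rule_lines "$1" "$2" | grep -c "status=\"$3\"" || true
}

# rule_status_summary FILE RULE_ID: one "STATUS COUNT" line per status seen.
rule_status_summary() {
    rule_lines "$1" "$2" \
        | sed -n 's/.*status="\([A-Za-z]*\)".*/\1/p' \
        | sort | uniq -c \
        | awk '{print $2, $1}'
}

# Usage: what did rule 3 actually do according to the log?
echo "Rule 3 summary (STATUS COUNT):"
rule_status_summary "$SAMPLE_LOG" 3
echo "Rule 3 lines marked Allow: $(count_status "$SAMPLE_LOG" 3 Allow)"
```

If the raw log shows only `Deny` for the clean-up rule while the GUI shows `Allowed`, the discrepancy is in the reporting layer; if the raw log also shows `Allow` under that rule id, the rule base itself needs a look.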
