Hi, I'm new to the XG firewall so please forgive me if I have overlooked something obvious here. I came from TMG and I have finished my deployment of the XG to replace it. I need to resolve some small issues with server publishing rules (WAF here) and I am having trouble with filtering the log. In the TMG I would just filter on "Denied" connections so that I could focus on the problems. In the XG I cannot figure out how to filter out the 10s of thousands of normal/successful connections that dont require my attention and only show me the denied connections.
The little icon on the left is already doing this by virtue its GREEN for allowed and RED for denied but the filter bar doesn't give me ability to key off that disposition. After looking at the logs it appears that the field named "reason" is exactly what I need to filter by but it wont work. All successful connections are REASON="-" and all denied connections are REASON='insertvariousreasonhere". I need to be able to filter by REASON <> "-" or =<Not Null> or whatever to say basically "Show me all denied connections"
Could someone please help me out here? I called technical support but they told me they couldn't help with this and I needed to post my question to this community site.
Thank you in advance!
-Jason
This thread was automatically locked due to age.
