
Basic setup on latest utm 9.6 log default drop

Hi

I followed a guide to set up internet browsing and simple NAT. It works, but I only see red in my firewall log with the comment "default drop". I did check the rules; they are set up as allowed.

Is there a way to log the success from a firewall filter?



This thread was automatically locked due to age.
  • Logging

    Yes, but not for default rules.   When you create a firewall rule, you can choose whether to log success or failure or both or none.

    Normal Drops

    TCP disconnect involves two packets, one in each direction.   UTM invalidates the connection tracking as soon as one of them is detected, so the reply is discarded with default drop.   You will see FIN or RST in the TCPFlags when it happens.   These can be ignored.

    Architecture

    Traffic that flows through the web filter layer will bypass the firewall rules. UTM is a collection of mutually exclusive packet filters, with the firewall rules being the default filter when none of the others apply. Read the material in the Wiki section for more details on this. Consequently, if web filtering is enabled and working, the firewall logs are not relevant.

    Log Viewing

    The firewall log is simplified when using the Live Log.   Download the file and review it in a text editor for the full contents.   This is a performance trick which only applies to the packetfilter / firewall log.
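
To act on the reply above when reviewing the downloaded log file, the following is an added example (not part of the original thread, and not Sophos code) that separates FIN/RST teardown drops from drops worth a closer look. The `key="value"` layout and the field names `action`, `tcpflags`, `srcip`, `dstip`, `proto` and `dstport` are assumptions about the file format, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines. The key="value" layout and field names are
# assumptions; adjust them to match your downloaded packetfilter log.
SAMPLE_LOG = '''\
2019:03:01-10:15:01 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="198.51.100.5" dstip="192.0.2.10" proto="6" srcport="443" dstport="51514" tcpflags="ACK FIN"
2019:03:01-10:15:02 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="198.51.100.9" dstip="192.0.2.11" proto="6" srcport="80" dstport="40222" tcpflags="RST"
2019:03:01-10:15:07 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="203.0.113.7" dstip="192.0.2.1" proto="6" srcport="50100" dstport="23" tcpflags="SYN"
2019:03:01-10:15:09 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="203.0.113.7" dstip="192.0.2.1" proto="6" srcport="50101" dstport="23" tcpflags="SYN"
2019:03:01-10:15:11 utm ulogd[4321]: sub="packetfilter" action="drop" srcip="192.0.2.20" dstip="192.0.2.255" proto="17" srcport="137" dstport="137"
2019:03:01-10:15:12 utm ulogd[4321]: sub="packetfilter" action="accept" srcip="192.0.2.10" dstip="198.51.100.5" proto="6" srcport="51600" dstport="443" tcpflags="SYN"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))

def is_teardown(fields):
    """True for drops carrying FIN or RST: late packets of a closing connection."""
    flags = fields.get("tcpflags", "").upper().split()
    return "FIN" in flags or "RST" in flags

def triage(log_text):
    """Split dropped packets into teardown noise and drops worth reviewing."""
    teardown, review = 0, Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("action") != "drop":
            continue  # accepted or unrelated lines are not part of this triage
        if is_teardown(fields):
            teardown += 1
        else:
            # Group by flow target so repeated drops of the same kind collapse.
            key = (fields.get("srcip"), fields.get("dstip"),
                   fields.get("proto"), fields.get("dstport"))
            review[key] += 1
    return teardown, review

if __name__ == "__main__":
    teardown, review = triage(SAMPLE_LOG)
    print(f"teardown drops (FIN/RST): {teardown}")
    for (src, dst, proto, dport), n in review.most_common():
        print(f"{n:3d}  {src} -> {dst} proto={proto} dport={dport}")
```

Drops left in the review set (here a repeated SYN to port 23 and a UDP broadcast) are the ones to compare against the rule set; they may still be expected, but they are not connection-teardown artifacts.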