Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 4 subscribers
  • Views 19048 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Usage not including Intrusion Prevention Exception

Jay Jay

Specifically, I have ftp (port 21) excluded from IPS monitoring because I don't need ftp content scanned (cpu @ 100% when enabled and sending/receiving at full speed).  As a side effect, logging & reporting, network usage, bandwidth usage does *NOT* include bw used by the ftp traffic.

What I'd like to do is keep the ftp traffic from being scanned, but include its volume in the bw usages totals.

How?



This thread was automatically locked due to age.
Parents
  • 0

    Hi Jay, 

    Did you select the log traffic option in the Advance of the Firewall rule definitions for FTP? You may also need to check in the Automatic rules.

    Thanks

  • 0 in reply to sachingurung

    Log traffic is not selected in the firewall rule.  My understanding is this is only necessary if I need lines related to this firewall rule appearing in the firewall log.  I have no need for this.

    What automatic rules are you referring to?

    Recall, the issue is not with accessing the ftp, but rather, files transferred not being reflected in network usage (under logging) when IPS exception is enabled.

  • 0 in reply to Jay Jay

    Hi Jay,

    Yes, I am aware about the issue. I wanted to confirm the basics before moving forward. You can find the Automatic rules in Network Protection > Firewall > inside the drop-down menu "User created rules". I just wanted to verify if the accounting of network usage could be affected due to logging the packet in firewall logs. 

    Thanks

  • 0 in reply to sachingurung

    I've rebooted the utm several times  over the last few days.  BW usage appears to be incrementing properly now.  Nothing has changed setting wise.  Previous reboot was about a month ago. To sum it up, the exception rule is still in place and active but bw usage is inclusive of the ftp transfers now.

    I'll keep an eye on it over the next few weeks.  We'll see if the issue crops up again after a certain uptime.

     

    Edit:  Regarding automatic rules, none are being defined by any other objects.  User rules start at #1.

Reply
  • 0 in reply to sachingurung

    I've rebooted the utm several times  over the last few days.  BW usage appears to be incrementing properly now.  Nothing has changed setting wise.  Previous reboot was about a month ago. To sum it up, the exception rule is still in place and active but bw usage is inclusive of the ftp transfers now.

    I'll keep an eye on it over the next few weeks.  We'll see if the issue crops up again after a certain uptime.

     

    Edit:  Regarding automatic rules, none are being defined by any other objects.  User rules start at #1.

Children
No Data