Missing log items in UTM9 (9.407-3)

Hi,

The UTM9 (9.407-3) firewall log may have a bug... either in the firewall itself or in the log feature only.

- Added an "allow/log traffic" rule from any LAN client <-> SIP simulated server.

- Tried to send packets from client to server, by hand using a random packet sender tool, 10 times in a row, and only one or two of them are logged (checked in the live log as well as in the Logging & Reporting menu).

- At the same time, the packet sender tool shows 10 successful send & receive records on both client and server.

I wonder if the firewall is doing its job correctly and the issue may reside in the log feature only. This appliance looks unreliable, since this was done by hand and the UTM missed the logs; imagine if this were carried out by a real attack with thousands of packets...

Best Regards,

Duy Huynh.



This thread was automatically locked due to age.
  • Duy, is there anything in the Intrusion Prevention log file while you were running this test?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA