Internal LAN Host traffic missing: Firewall, Connection

OK... I'm officially baffled.

In short, I have hosts defined on the local network whose traffic is not captured in the Firewall Logs nor the LAN Connections under Support/Advanced.

All my LAN hosts authenticate and are passed an IP via DHCP. In this one clearly defined Host, a shared resource that uses both TCP and UDP, I've been trying to debug why some hosts can find it and others cannot. All are on the same subnet. I have tried every possible combination from wide open ANY to ANY to identifying each and every port possible. It is not listed in IPS. None of the traffic is web related (HTTP, HTTPS, 8080 or 8088, etc).

It has a properly resolving IP based on its MAC. I can ping it with sub-2ms, error-free results endlessly.

I can run a nettop -n route and it shows the connections and traffic counts: TCP 1024 and usually two UDP connections. One connection around UDP 1320-1399 (approx.) and another broadcast stream between 55000 and 55000.

I can't figure out:

1. I cannot seem to force logging of ANY traffic other than two successful NTP (123) entries on this host in the Network/Firewall log. Why not?

2. Support/Advanced/Lan Connections does not even show one connection as source or destination.

The scariest part is what ELSE am I missing. This is just a $1000 B&W AirPlay speaker, so it's not critical, but it's clearly indicative of some greater problem (likely I've misconfigured something, or it's a bug), which is preventing true reporting and likely creating a much greater risk profile than I intended.

Grateful for ANY help.

Thank you,

John

 

I'm attaching some clips from the SG UTM ping, another host's ping and its associated nettop output.

  • Hi, John, and welcome to the UTM Community!

    "In short, I have hosts defined on the local network whose traffic is not captured in the Firewall Logs nor the LAN Connections under Support/Advanced."

    In fact, traffic inside 192.168.8.0/24 should not pass through the UTM.  Inside the subnet defined on a NIC, the other NICs in the same subnet will ARP for the MAC Address of the IP they want to contact and then send the traffic on layer 2 directly to the other NIC.

    Did I understand your question?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
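To make Bob's point concrete, here is a small added example (not code from the thread or from Sophos) that decides, for a given flow, whether the gateway could ever have seen it. It treats the UTM's internal network from the thread (192.168.8.0/24) as one directly connected interface and adds a second, purely hypothetical internal segment (192.168.9.0/24) so the routed case can be shown; the interface names, the peer addresses and the flows themselves are constructed, not taken from John's attachments.

```python
import ipaddress
from dataclasses import dataclass

# Constructed for this example: the internal network named in the thread
# (192.168.8.0/24) plus an assumed second internal segment so a routed
# LAN-to-LAN flow can be shown. Interface names are invented.
INTERFACE_NETWORKS = {
    "eth0 (internal)": ipaddress.ip_network("192.168.8.0/24"),
    "eth2 (second segment, assumed)": ipaddress.ip_network("192.168.9.0/24"),
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def interface_for(ip: str):
    """Name of the UTM interface whose directly connected network contains ip,
    or None when the address is not on any local segment (e.g. the Internet)."""
    addr = ipaddress.ip_address(ip)
    for name, net in INTERFACE_NETWORKS.items():
        if addr in net:
            return name
    return None


def classify(flow: Flow) -> str:
    """Say whether the gateway can observe this flow at all.

    'layer2-direct': both ends sit on the same directly connected network, so
        the sender ARPs for the peer's MAC and the switch delivers the frame;
        the UTM never receives the packets and can neither log nor filter them.
    'routed': the ends are on different UTM interfaces, or one end is remote,
        so the packets are forwarded through the UTM, evaluated against the
        rule base and tracked in the connection table.
    """
    src_if = interface_for(flow.src)
    dst_if = interface_for(flow.dst)
    if src_if is not None and src_if == dst_if:
        return "layer2-direct"
    return "routed"


def expected_in_firewall_log(flows):
    """Return only the flows the UTM could have seen and therefore logged."""
    return [f for f in flows if classify(f) == "routed"]


# Constructed sample flows modelled on the symptoms described above: a
# controller on the LAN talking to the speaker on TCP 1024 and a UDP stream,
# the speaker's outbound NTP query, and a host on the assumed second segment.
# Addresses are invented; 203.0.113.0/24 is a documentation range.
SAMPLE_FLOWS = [
    Flow("192.168.8.20", "192.168.8.50", "tcp", 1024),
    Flow("192.168.8.20", "192.168.8.50", "udp", 1350),
    Flow("192.168.8.50", "203.0.113.10", "udp", 123),
    Flow("192.168.9.30", "192.168.8.50", "tcp", 1024),
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f"{f.src:>14} -> {f.dst:<14} {f.proto}/{f.dport}: {classify(f)}")
```

Run against the sample flows, only the outbound NTP query and the cross-segment connection come back as routed, which matches the observation that NTP is the only thing the firewall log shows for the speaker: the TCP 1024 and UDP streams between two 192.168.8.0/24 hosts never reach the gateway. Traffic like that has to be captured at the switch (a mirror port) or on one of the endpoints, or the peers have to be placed on different segments before a firewall rule or log entry can apply to it.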