Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

View Access Policies in System Log

Hi All,

i setup a clean up rule at the end of my access polices and see loads of hits there.

Now i wanted to see what this is all about but even with the logging option enabled in the rule i cannot see the details on the system log tab? Do i miss something here?

thanks for enlighten me!


Category: Entry Level Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    edited August 2022 Answer ✓

    @ArminF did you enabled the events in the Log Settings for being shown in the GUI?

    Device -> Log -> Settings ... check for Category Network -> TCP (and UDP) and probably the Event TCP Packets Dropped have a very high Event Count ... to avoid flooding the log, these Events are not populated to the GUI, you have to enable them manually.

    --Michael@BWC

Answers

  • ArminFArminF Newbie ✭

    Michael@BWC -> as usual SPOT ON!

    I went to the Log settings before but was looking for access policy. Did not thought to look into TCP / UDP drop/deny etc...

    But i had to raise the log level to Alert from notice to get it reflected.

    Thought this log is more common and shows whats going on not focusing on warning/alert only.


    thanks!

    armin

  • ArminFArminF Newbie ✭

    @BWC

    Michael, one more thing for my understanding.

    Would i need a cleanup DENY ALL rule?

    Or does no rule mean drop all / log all anyway?


    thanks

    armin

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @ArminF there is an implicit Drop All Rule for everything that is not handled and no additional Rule is necessary. This differs from you might know from iptables/netfilter based Firewalls or CheckPoint etc.

    Like you did, I'am creating a Rule only in times where I need to do some sniffing/logging.

    --MIchael@BWC

Sign In or Register to comment.