Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

FW Action = NA in the event logs. What does it mean?

HI,

I am troubleshooting IPS in the event logs. A specific event logs show that the FW Action is NA. I don't seem to understand this as other actions says drop.


What does NA mean in the FW action?

Does the NA means no action has been taken on the packet and just allowed to pass through the firewall or was it discarded/dropped?


Thank you for your responses in advance.

Category: Mid Range Firewalls
Reply

Answers

  • network_ninjanetwork_ninja Newbie ✭

    Here is the sample logs. I tried to find a documnetation about it but cannot find one.


  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @network_ninja the NA just means "not associated with a packet, firewall action is Not Applicable", which means the Firewall did not do any action on the packet. Other Actions are forward, drop and mgmt, which a self-explaining.

    --Michael@BWC

  • network_ninjanetwork_ninja Newbie ✭

    Hi BWC,

    I appreciate the response and I read that somewhere in the sonicwall documents.

    This sentence from the sonicwall document confuses me "not associated with a packet, firewall action is Not Applicable"

    When you said "Firewall did not do any action on the packet" does this mean the packet was able to pass through the firewall and got to it's intended destination or was it discarded because there was not enough information to associate it to any packet?

    Appreciate your response Sir.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @network_ninja to say for sure what happened we need to put the packet in context. But it is my understanding that "na" isnt't showing some form of block therefore the packet is passing through.

    Events for "IKEv2 Received Dead Peer Detection Response" are also marked with fw_action="na" for example, which is clear that there was no fw action.

    On the other hand, an Application Control Prevention shows a fw_action="drop", which is clear as well.

    --Michael@BWC

Sign In or Register to comment.