FW Action = NA in the event logs. What does it mean?
network_ninja
Newbie ✭
HI,
I am troubleshooting IPS in the event logs. A specific event logs show that the FW Action is NA. I don't seem to understand this as other actions says drop.
What does NA mean in the FW action?
Does the NA means no action has been taken on the packet and just allowed to pass through the firewall or was it discarded/dropped?
Thank you for your responses in advance.
Category: Mid Range Firewalls
0
Answers
Here is the sample logs. I tried to find a documnetation about it but cannot find one.
Hi @network_ninja the NA just means "not associated with a packet, firewall action is Not Applicable", which means the Firewall did not do any action on the packet. Other Actions are forward, drop and mgmt, which a self-explaining.
--Michael@BWC
Hi BWC,
I appreciate the response and I read that somewhere in the sonicwall documents.
This sentence from the sonicwall document confuses me "not associated with a packet, firewall action is Not Applicable"
When you said "Firewall did not do any action on the packet" does this mean the packet was able to pass through the firewall and got to it's intended destination or was it discarded because there was not enough information to associate it to any packet?
Appreciate your response Sir.
Hi @network_ninja to say for sure what happened we need to put the packet in context. But it is my understanding that "na" isnt't showing some form of block therefore the packet is passing through.
Events for "IKEv2 Received Dead Peer Detection Response" are also marked with fw_action="na" for example, which is clear that there was no fw action.
On the other hand, an Application Control Prevention shows a fw_action="drop", which is clear as well.
--Michael@BWC