Firewall Logs

Email to friend

Add comment

Votes: 0

Comments: 0

Posted: 31 May, 2010
by: Knowledge M.

Updated: 31 May, 2010
by: Knowledge M.

A firewall log entry is made for each rule that is set to log and for the default deny rule.

To view the parsed logs you have to go to Status -> System Logs on the Firewall tab.

Parsed logs are displayed in 6 columns: Action - Time - Interface - Source - Destination - Protocol. Action tells what happened to the packet which generated the log entry - its either Pass, Block, or Reject. Time tells the time when the packet has arrived. Interface is the interface through which the packet entered Mettle SE. Source is the source IP address and the port the packet originated from, Destination is the destination IP address and port of the packet. Protocol is the protocol of the packet.

The 'Action' icon displayed in the logs is a link, clicking it will lookup and display the rule which caused the log entry.

If the Protocol is TCP, you will see extra fields that represent TCP flags present in the packet. These flags indicate various connection states or packet attributes, some common flags are:

S (Syn) - Synchronise sequence numbers. Indicates a new connection attempt when only SYN is set.
A (Ack) - Acknowledgemet to the data received.
F (Fin) - Indicates there is no more data from the sender, connection closing.
R (Rst) - Connection reset

There are several other flags and their meaning is outlined in articles realted to TCP protocols
http://en.wikipedia.org/wiki/Transmission_Control_Protocol

Also read

	Adding Firewall Rules

Others in this Category

	Initial Configuration: Setting up Mettle SE in a Local Area Network with Internet Connection.
	Default IP Address & Admin Password (And How To Change It?)
	Configuring DHCP Server
	Enabling The LAN Hosts To Use The Internet Connection (NATing)
	Adding A Second (Or More) Internet Connection To Mettle SE & Setting Up Failover/Load Balancing
	Monitoring The Internet Usage
	How To Turn On/Off The Content Filter & Gateway Antivirus Service
	Fine Tuning The Content Scanner
	Setting Up PPTP VPN accounts
	OpenVPN: Setting Up SSL-VPN accounts
	Setting Up IPsec VPN Accounts
	Deploying A Second LAN With Mettle SE.
	Choosing a VPN Technology
	Adding Firewall Rules
	Setting Up Mettle SE Stack for Active/Passive Fail-Over (CARP)
	Connecting & Securing a Leased Line Connection to Mettle SE
	Port Forwarding (PAT)
	Creating a DNS Entry/Record for the LAN
	Blocking GTalk in the LAN
	Blocking Yahoo! IM from the LAN
	OpenVPN: If VPN Clients Want to Access a Subnet other than "Local network"
	Setting up IPSec Tunnel
	Open VPN Troubleshooting
	PPTP VPN Troubleshooting
	NTP Client/Server
	Setting Up an IPSec VPN Client: Example Given Using Shrewsoft VPN Client
	Firewall: Alias
	Captive Portal
	Virtual IP Address
	OpenVPN: Setting Up a SSL-VPN Client in Windows
	Creating Tagged VLANs
	Cloning Firewall Rules
	IPsec VPN Troubleshooting
	Wake On LAN
	Inbound Loadbalancing
	OpenVPN: Setting up Certification Authority & Generating Certificates
	Changing default webGUI Port and Protocol
	Using Packet Capture
	Using Traceroute
	Package Updates
	OpenVPN: To make OpenVPN client use VPN as the Default Gateway
	OpenVPN: To exclude some Network from using VPN gateway when VPN is set as default gateway for VPN client
	Adding a Static DHCP Lease
	Schedule Based Firewall Rules
	RRD Graphs
	Server Load Balancing
	Backup and Restore Mettle SE Running Configuration
	Event Logging To Remote Syslog Server
	Split DNS
	NAT Reflection/NAT Loopback
	Dynamic DNS