Rules with any Application/Service not logging application in R80.10

Hello everyone,

After upgrading gateway to R80.10 we noticed rules with Application/Service set to Any do not log applications that match the rules. The exact same rules with R77.30 gateway and R80.10 SMS work fine.

We have tried with both shared and separate layers for network and application rules.

We have tried all kinds of tracking and logging, but the result is always the same.

What am I missing?

Accepted Solutions
Employee+

Re: Rules with any Application/Service not logging application in R80.10

What is your clean-up rule in the Application ordered layer? That should be set to Accept, and I recommend Detailed logging with its default configuration of Accounting and per Connection enabled:

This should log all traffic and applications if there are no other issues.

Obviously, the gateway handling this ordered policy needs to also have Application Control and URLF blades enabled.

Once you've established that you are logging what you need, unchecking the "per Connection" field will reduce the logs by not explicitly logging the Firewall established connections.

Also ensure that you don't have the Application ordered layer defaulting to an implicit Clean-up rule with drop, which is the default for new layers.
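
The check described in this answer, as an added example that is not part of the original thread and not Check Point code: a Python audit that flags Accept rules with Service "Any" whose Track is not Detailed or Extended Log, and verifies that the last explicit rule of the layer is Accept. The JSON layout is an assumption modelled on `show access-rulebase` output; the sample layer and its uids are constructed.

```python
import json

# Constructed sample modelled on `mgmt_cli show access-rulebase --format json`
# output; the field names are an assumption and the uids are placeholders.
SAMPLE = json.loads("""
{"name": "Application",
 "objects-dictionary": [
   {"uid": "u-any", "name": "Any"}, {"uid": "u-yt", "name": "YouTube"},
   {"uid": "u-acc", "name": "Accept"}, {"uid": "u-log", "name": "Log"},
   {"uid": "u-det", "name": "Detailed Log"}],
 "rulebase": [
   {"type": "access-rule", "rule-number": 1, "service": ["u-yt"],
    "action": "u-acc", "track": {"type": "u-det", "accounting": false}},
   {"type": "access-section", "name": "Outbound", "rulebase": [
     {"type": "access-rule", "rule-number": 2, "service": ["u-any"],
      "action": "u-acc", "track": {"type": "u-log", "accounting": true}}]},
   {"type": "access-rule", "rule-number": 3, "service": ["u-any"],
    "action": "u-acc", "track": {"type": "u-det", "accounting": true}}]}
""")

# Track types that carry application information, per the thread.
APP_AWARE_TRACK = {"Detailed Log", "Extended Log"}

def iter_rules(items):
    """Yield access rules in order, descending into section headers."""
    for item in items:
        if item.get("type") == "access-section":
            yield from iter_rules(item.get("rulebase", []))
        elif item.get("type") == "access-rule":
            yield item

def audit_layer(layer):
    """Return (rule-number, message) findings for one exported layer."""
    name = {o["uid"]: o["name"] for o in layer.get("objects-dictionary", [])}
    rules = list(iter_rules(layer.get("rulebase", [])))
    findings = []
    for r in rules:
        services = [name.get(s, s) for s in r["service"]]
        action = name.get(r["action"], r["action"])
        track = name.get(r["track"]["type"], r["track"]["type"])
        if action == "Accept" and services == ["Any"] and track not in APP_AWARE_TRACK:
            findings.append((r["rule-number"], f"Any/Accept rule tracked as '{track}'"))
    # The answer asks for an explicit Accept clean-up rule as the last rule.
    if not rules or name.get(rules[-1]["action"]) != "Accept":
        findings.append((None, "last explicit rule is not Accept"))
    return findings

if __name__ == "__main__":
    for number, message in audit_layer(SAMPLE):
        print(number, message)
```

Rule 2 in the sample mirrors the situation reported in the thread: Accounting enabled, but the track type left at plain Log.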

6 Replies
Admin

Re: Rules with any Application/Service not logging application in R80.10

"Any" doesn't require the use of Application Control in order to validate.

The log entries you see will therefore show as being accepted by the Firewall and won't have the Application information in it.

The information is still there, but you have to drill into the log entry to find it.

See the following example:

Re: Rules with any Application/Service not logging application in R80.10

I do not get this information.

In the Session tab, Blade is always Firewall.

Application/Site section does not show.

SmartEvent shows only YouTube in Accepted Applications list because there is a specific rule accepting it.

I will open an SR, but I believe the problem is in my understanding rather than an issue with my gateway.

[Screenshots: Log - Session Tab; Log - Rules Tab]

Admin

Re: Rules with any Application/Service not logging application in R80.10

In my case, my App Control rule is actually in a sub-policy:

  1. Rule 2 leading to the sub policy is something like:
    • Source: Subnet-A
    • Destination: Internet
    • Service: Any
    • Action: Outbound Policy
  2. Rule 2.4 is a simple "specified hosts/any/any/allow" with Extended Logging enabled.

Re: Rules with any Application/Service not logging application in R80.10

I missed the detailed logging option. Thank you, Dameon!

Re: Rules with any Application/Service not logging application in R80.10

Detailed logging did the trick! I had only Accounting enabled.

I opened that window a thousand times and didn't see that. Neither did my colleagues.

Thank you, Eric!