kb1
Collaborator

A few doubts regarding logs on the smartconsole

So I just have a few basic doubts regarding the logs shown on the SmartConsole. I just wanted to know if the accepted logs that we see also mean that the return traffic is coming back for sure? Or, in order to know for sure that we are getting the return traffic, do we have to do a packet capture on the firewall? That's basically the only doubt I have regarding logs.

Thanks and regards.

0 Kudos
6 Replies
Danny
Champion

Correct. In order to know if you are getting return traffic you have to do a packet capture on the firewall. The SmartConsole log doesn't provide you with this information.

0 Kudos
kb1
Collaborator

Thank you!
0 Kudos
PhoneBoy
Admin

Assuming it's part of the same TCP connection or virtual UDP connection, it should be allowed.
You can always confirm with fw monitor/tcpdump.
0 Kudos
kb1
Collaborator

It could be that, even if it is part of the same connection, the return traffic could be blocked by, say, an upstream device like a Cisco switch/router which has an ACL configured to block that traffic? In that case it will still show the green allowed accepted logs, but then you will have to verify the return traffic by doing a packet capture (tcpdump/fw monitor)? That is a possibility, right?
0 Kudos
Timothy_Hall
Champion

Yes, that is a possibility. If you want to know for sure whether there is actual two-way communication, enable "Accounting" on the relevant rule. Every 10 minutes (if the connection lasts that long) or when the connection ends, extra information will be added to the original Accept log such as connection time, payload bytes sent and received, and the egress interface on the firewall for the accepted connection (useful for finding a firewall routing table issue). Assuming you get nonzero connect time and payload bytes values, two-way communication is working. If those particular counters are all zero, connectivity is not working.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
kb1
Collaborator

Thank you sir, as always thanks for replying.
0 Kudos
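
Several replies above point to a packet capture as the way to confirm return traffic. As an added example (not part of the original thread), this Python script reads `tcpdump -nn` IPv4 text output and lists flows where only the initiator's packets were ever captured; the capture lines are constructed and the function names are illustrative.

```python
import re

# tcpdump -nn line: "<time> IP <src>.<sport> > <dst>.<dport>: <details>"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$")
LEN_RE = re.compile(r"length (\d+)")

# Constructed sample capture: one healthy HTTPS flow, one SSH flow whose SYNs go unanswered.
SAMPLE = """
10:15:01.000001 IP 10.1.1.10.51514 > 203.0.113.20.443: Flags [S], seq 100, win 64240, length 0
10:15:01.020000 IP 203.0.113.20.443 > 10.1.1.10.51514: Flags [S.], seq 200, ack 101, win 65535, length 0
10:15:01.020100 IP 10.1.1.10.51514 > 203.0.113.20.443: Flags [.], ack 201, win 64240, length 0
10:15:01.021000 IP 10.1.1.10.51514 > 203.0.113.20.443: Flags [P.], seq 101:618, ack 201, win 64240, length 517
10:15:01.045000 IP 203.0.113.20.443 > 10.1.1.10.51514: Flags [P.], seq 201:1601, ack 618, win 65535, length 1400
10:15:05.000000 IP 10.1.1.10.51520 > 198.51.100.7.22: Flags [S], seq 900, win 64240, length 0
10:15:06.000000 IP 10.1.1.10.51520 > 198.51.100.7.22: Flags [S], seq 900, win 64240, length 0
10:15:08.000000 IP 10.1.1.10.51520 > 198.51.100.7.22: Flags [S], seq 900, win 64240, length 0
""".splitlines()

def summarize_flows(lines):
    """Return {(initiator, responder): counters}; the first packet seen defines the initiator."""
    flows = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank, non-IPv4 or otherwise unparsable line
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        length = LEN_RE.search(m["rest"])
        nbytes = int(length.group(1)) if length else 0
        if (dst, src) in flows:  # packet travelling responder -> initiator
            stats = flows[(dst, src)]
            stats["reply_packets"] += 1
            stats["reply_bytes"] += nbytes
        else:
            stats = flows.setdefault((src, dst), {
                "sent_packets": 0, "sent_bytes": 0,
                "reply_packets": 0, "reply_bytes": 0})
            stats["sent_packets"] += 1
            stats["sent_bytes"] += nbytes
    return flows

def one_way_flows(flows):
    """Flows with no captured reply: accepted by policy, but no return traffic seen."""
    return sorted(key for key, stats in flows.items() if stats["reply_packets"] == 0)

if __name__ == "__main__":
    for initiator, responder in one_way_flows(summarize_flows(SAMPLE)):
        print(f"no return traffic seen: {initiator} -> {responder}")
```

The result only reflects the interface the capture was taken on, so a flow listed as one-way means the reply never reached that interface.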
