What is this setting?

And, also (on the same screen):

Note this is from 1590 running R81.10.xx but I believe R77.20.xx has the same settings.

Hi,

Yes I have all of the expected logging settings enabled, which is why this is so perplexing. Anywhere a log can be enabled, it is.

Maybe it's an issue with how I have service/application groups nested in the rules. I'll try separating them out.

Thanks,

Nathan

That makes sense, but what about the other logging behaviour? I don't see any VPN traffic whatsoever, not even encrypted packets crossing. I only see details of these packets when I put a rule at the top of the rulebase denying the traffic.

Is all the logging enabled as per screenshot @PhoneBoy sent?

Andy

Good advice, that can only help!

Thanks. Looks like a lot of good fixes in that, specifically for HTTPS. My certs expired and so I don't have access to open a request to get it anymore, so I'll have to sort something out.

I was able to get the mentioned fix installed. Doesn't appear to be any fix for my logging issues.

Am I not supposed to see logs for encrypted traffic? I realize I won't see what's inside, but shouldn't I still see reference that encrypted data is traversing my interfaces? I see it in packet captures.

Im fairly positive you should be able to see it. Do you not see any of those at all? Did it ever work?

As @PhoneBoy  posted: Your only option on the 1450 is to enable HTTPS Inspection. 

To re-clarify: I'm talking about all encrypted traffic. I don't see any logs whatsoever showing VPN encrypted traffic.

Just my personal opinion, but I could be mistaken, though, I dont see logically why you would need https inspection on for this to work. I dealt with God knows how many clients who did NOT have inspection on their firewall and this worked without any issues.

Further to @PhoneBoy earlier post you have your policy/rules set to log in the following section correct?

Correct. All rules are set to log. Implied rule logging is enabled. Global "log all" settings are set to YES. It's as if as soon as any encrypted traffic his an 'allow' rule, logging goes away for that connection. If I put a 'deny' rule for any of this traffic, I start seeing logs again.

As an example for OpenVPN (UDP/1194) I would only expect to see an entry for the start of the long lived connection/session. Are you not seeing this or are you expecting something more here?

Hi Chris,

I don't see any reference to the connection whatsoever. Someone unfamiliar with my environment would have no idea the connection was even taking place. I don't want to add more confusion to this discussion, but I think there is a bigger issue with my logging. Many other small things don't get log entries either, but the biggest issue is the encrypted traffic. I thought maybe I messed with some CLI global settings, which is why I factory reset the device with a new image on USB, but that didn't seem to help.

I know, for example, on Fortigates, you have an option like below, but Im fairly positive that is not there on SMB appliances (I dont have access to one to confirm):

I haven't found any reference to a setting like this, or in the advanced settings. Maybe there are other CLI options available outside of the GUI "advanced settings". Not sure.

If I had access to SMB appliance, I would be able to tell. Sadly, dont believe you can create VM with one of those images. Unlike Fortinet, where anyone can access free online demo appliance to check out all the fw capabilities, that does not exist on CP side, so my apologies mate Im not able to confirm that for you. Maybe someone else can verify.

There are "Quantum Edge" GAiA embedded images available for ESXi moreover there is also an online Demo 1500 appliance that partner engineers can connect to (contact your SE for more info).

Thanks Chris, did not know that. Will email couple of SE guys we deal with often and ask about the online demo, it would be useful.

Appreciate the info 🙏

Huh, today I learned @Chris_Atkinson 
If you have access to Techpoint, @the_rock, then you can fire it up yourself on demand:

See also the lab guide.

Thanks @PhoneBoy , will give it a go in a bit and see what happens.

I was hoping there was a free online demo, would be easier, but, o well : - )

I will say it again...you are the BEST!! That was super easy, thanks again 👍👍🙌🙌