LuisSP
Collaborator

Why different interfaces in logs that concern one rule?

Greetings. We have a 1490 SMB appliance as a perimeter firewall. Two devices on the LAN (192.168.3.8, 192.168.3.9) connect to a server (13.82.177.x), but I have doubts about the logs:

  • Even though each device connects to the server more than once in a period of time, the appliance only logs it one time. I am sure that it makes more than one connection, because for each one an email is received, and I take the precaution of waiting to receive that email before "firing" another event that causes a connection.
  • Why does the WAN interface appear in the logs on one occasion and the LAN on another? I do not think it is random, but I cannot find the pattern!

It is worth mentioning that the logs are saved on an SD card inserted in the appliance, and it recently had to be reinserted because the logs were not being saved.

Thanks!!

0 Kudos
1 Reply
PhoneBoy
Admin

What you're seeing in the logs are sessions, which correlate data across several connections.

As to why it's logging LAN versus WAN sometimes, it may be related to the first packet seen on session correlation, which is based on (in)activity.
