01-07-2019 12:26 AM - edited 01-07-2019 12:27 AM
Hi All,
A firewall interface is configured with a management profile where ICMP is enabled, and I can ping the firewall IP. But we can't see any logs for ICMP in the firewall.
How can we get this?
01-09-2019 04:54 AM
Most probably because you don't have a specific rule allowing this traffic, but rather rely on the default intra-zone rule, which doesn't log any traffic.
Even though you have an interface management profile, you still need a rule in the policy to allow that traffic. It is a common mistake to overlook this, as in most cases the default intra-zone rule is already allowing this traffic. But the default setting for the intra-zone rule is to NOT log the traffic.
There are two ways to solve this:
- Create a specific rule (same source and destination zone) for this traffic and enable the log option on this rule
- Override the default intra-zone rule and enable the logging.
Note that the second option will log any other intra-zone traffic, so depending on your environment it might generate lots of unnecessary logs.
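The two options above, written out as PAN-OS CLI set commands, as an added illustration that is not part of the original reply. The rule name, the zone name `trust` and the firewall interface address `192.0.2.1` are placeholders; lines starting with `#` are annotations, not commands.

```text
# Option 1: a dedicated intra-zone rule for ping to the firewall interface, with logging at session end.
# Only the ping application is matched, so other intra-zone traffic stays on the default rule.
set rulebase security rules Allow-Mgmt-Ping from trust to trust source any destination 192.0.2.1 application ping service application-default action allow log-end yes

# Option 2: override the built-in intrazone-default rule and turn on logging for everything it matches.
# Expect a much larger traffic log volume, since every intra-zone session not matched earlier is now logged.
set rulebase default-security-rules rules intrazone-default log-end yes

commit
```

After the commit, the ping sessions appear in Monitor > Traffic with application `ping` and the rule column showing either `Allow-Mgmt-Ping` or `intrazone-default`.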
01-07-2019 01:57 AM
Hi @gpsriram,
As far as I know ICMP is not an option in the interface management profile.
Ping is the selectable option, as shown in the screenshot:
Look for the 'ping' application in your traffic log instead of the icmp application, and also make sure that the security rule which is being hit is actually being logged:
I hope this helps.
Cheers !
-Kiwi.
01-07-2019 04:46 AM
Yes, it displays as ping, but only if you have a security policy that it matches with logging enabled.
You can only see it in @kiwi's screenshot because it's hitting the rule "vdraad".
If you are just relying on the management profile, then it seems not to show in the traffic log.
01-09-2019 04:58 AM
Good point Mr Astardzhiev.