Interface ping logs are not showing in traffic log

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Interface ping logs are not showing in traffic log

L1 Bithead

Hi All,

 

firewall interface configured with management profile where ICMP is enabled and i can ping the firewall ip. But we can't see any logs for ICMP in firewall .

 

How we can get this ?

1 accepted solution

Accepted Solutions

Most probably because you don't have specific rule allowing this traffic, but rather relying on the default intra-zone rule, which doesn't log any traffic.

 

Even that you have interface management profile you still need a rule the policy to allow that traffic. It is common mistake to overlook this as in most of the cases the default intra-zone rule is already allowing this traffic. But default settings for the intra-zone rule is to NOT log the traffic.

 

There is two ways to solve this:

- Create specific rule (same source and destination zone) for this traffic and enable the log option on this rule

- Override the default intra-zone rule and enable the logging.

 

Note that the second option will log any other intra-zone traffic so, depending on your enviroment it migth generate lots of lots of unecessary logs

View solution in original post

4 REPLIES 4

Community Team Member

Hi @gpsriram,

 

As far as I know ICMP is not an option in the interface management profile. 

Ping is the selectable option as shown in the screenshot :

 

ping_profile.jpg

 

 

Look for 'ping' application in your traffic log instead of icmp application ... + also make sure that the security rule which is being hit is actually being logged :

 

traffic_log.jpg

 

 

I hope this helps.

 

Cheers !

-Kiwi.

 
LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.

yes it displays as ping but only if you have a security policy that it matches with log enabled.

 

you can only see it in @kiwi screen shot as it's hitting the rule "vdraad". 

 

if you are just relying on the management profile then it seems not to show in traffic log. 

Most probably because you don't have specific rule allowing this traffic, but rather relying on the default intra-zone rule, which doesn't log any traffic.

 

Even that you have interface management profile you still need a rule the policy to allow that traffic. It is common mistake to overlook this as in most of the cases the default intra-zone rule is already allowing this traffic. But default settings for the intra-zone rule is to NOT log the traffic.

 

There is two ways to solve this:

- Create specific rule (same source and destination zone) for this traffic and enable the log option on this rule

- Override the default intra-zone rule and enable the logging.

 

Note that the second option will log any other intra-zone traffic so, depending on your enviroment it migth generate lots of lots of unecessary logs

Good point Mr Astardzhiev.

  • 1 accepted solution
  • 6666 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!