About mbutt

Hi, Do you have to manually go and delete the logs or are the new logs are still being written. If the new logs are still being written that means the logs are being purged. Also as mentioned the logs are purged to keep the log file as close to full as possible. If a partition is set to 100MB, the logs are not purged until the log file is 100% full (100MB+).  The usage can be over the quota because the indexing will take up space, but it does not use the purging mechanism as the normal log writes.  If the index takes place, but no new logs have come in, the usage can be over the quota (over 100MB for example) until the next log is written.  Once the next log is written, the system will purge enough logs and index files to get below the quota. Also if you would like to request a feature to delete logs partially please contact your local SE (Sales Engineer) and he should be able to file an enhancement request for you. Thank you Numan ... View more

Hi, While installing the Agent can you make sure to run it as an Administrator and see if that resolves your issue. Thank you Numan ... View more

Hi, Please see below and see if that helps answer your questions. The logs are purged when the quota size is exhausted.  This is why it has been recommended to set the overall quota to ~90% of the full disk.  You do not have to save space, but it is recommended to improve performance. The logs are purged to keep the log file as close to full as possible. If a partition is set to 100MB, the logs are not purged until the log file is 100% full (100MB+).  The usage can be over the quota because the indexing will take up space, but it does not use the purging mechanism as the normal log writes.  If the index takes place, but no new logs have come in, the usage can be over the quota (over 100MB for example) until the next log is written.  Once the next log is written, the system will purge enough logs and index files to get below the quota. If the amount of traffic logged is greater than what the firewall can delete, this alarm will be generated as explained in the above. For deleting the logs partially currently there is no command. you can delete entire logs for example if you go to GUI and Device and manage logs it give you option to delete different logs.      If you are looking for partially deleting the logs the work around would be If you resize the partition, and commit and then size it back after the commit, you should essentially remove the last the oldest logs.  For example if you have 1 GB of traffic logs,      resize the partition to 500MB, and commit, you will remove the oldest 500MB of logs.  5. Also if you would like to request a feature to delete logs partially please contact your local SE (Sales Engineer) and he should be able to file an enhancement request for you. Hope this helps. Thanks Numan ... View more

Hi, Please see below and see if that helps answer your questions. The logs are purged when the quota size is exhausted.  This is why it has been recommended to set the overall quota to ~90% of the full disk.  You do not have to save space, but it is recommended to improve performance. The logs are purged to keep the log file as close to full as possible. If a partition is set to 100MB, the logs are not purged until the log file is 100% full (100MB+).  The usage can be over the quota because the indexing will take up space, but it does not use the purging mechanism as the normal log writes.  If the index takes place, but no new logs have come in, the usage can be over the quota (over 100MB for example) until the next log is written.  Once the next log is written, the system will purge enough logs and index files to get below the quota. If the amount of traffic logged is greater than what the firewall can delete, this alarm will be generated as explained in the above. For deleting the logs partially currently there is no command. you can delete entire logs for example if you go to GUI and Device and manage logs it give you option to delete different logs.      If you are looking for partially deleting the logs the work around would be If you resize the partition, and commit and then size it back after the commit, you should essentially remove the last the oldest logs.  For example if you have 1 GB of traffic logs,      resize the partition to 500MB, and commit, you will remove the oldest 500MB of logs.  5. Also if you would like to request a feature to delete logs partially please contact your local SE (Sales Engineer) and he should be able to file an enhancement request for you. Hope this helps. Thanks Numan ... View more

Hi Stijin, As per my knowledge the application will not be decoded over socks. So it will just show up as Socks only. Please let me know if this helps. Thank you Numan ... View more

That just means that it is a private network and not a public . Since it is internal to the network with reserved ip address it is showing that. Did clearing the cache help. Thanks Numan ... View more

Hi James, Verify if the site is getting categorized correctly. Use this command to verify it. admin> test url   <value>  Test URL categorization If it is being categorized incorrectly you can clear the url cahce by using the following commands clear url-cache all Let us know if this helps. Thank you Numan ... View more

Do you have any proxy setting in the browser that you are using. Try using a different browser and check if that allows you to upload the file. Please let us know if this helps. Regards, Numan ... View more

Hi David, Try clearing the URL cache by using the following command from CLI and see if that helps clear url-cache all Thank you mbutt ... View more

Hi, In the authd logs please verify the following Do you see a line "test admin is being authed using local acct": or you just see "test admin is being authed" If it is the second line you see it is possible that the authentication process has been locked by a user. To get rid of this issue please do the following 1. Make sure to save the configuration locally. 2. Reinstall the software on the device.(basically the software which is already installed) 3. When software is re installed it will ask the device to be rebooted. Please reboot the device 4. Verify that you are able to configure the user.   Just restarting the system might not solve the issue. Let us know if this helps Thank you mbutt ... View more

Hi, In the authd logs please verify the following Do you see a line "test admin is being authed using local acct": or you just see "test admin is being authed" If it is the second line you see it is possible that the authentication process has been locked by a user. To get rid of this issue please do the following 1. Make sure to save the configuration locally. 2. Reinstall the software on the device.(basically the software which is already installed) 3. When software is re installed it will ask the device to be rebooted. Please reboot the device 4. Verify that you are able to configure the user. Just restarting the system might not solve the issue. Let us know if this helps Thank you mbutt ... View more

Hi, Please verify if you have configured in the following manner. Under Device tab--> server profiles---> syslog you create a syslog server profile and do the commit. Please verify that the ip address of the server and port has been configured correctly and are correct. If ping is allowed then to CLI and use following command to ping the syslog server and see if you get response. ping host <ipadress> This above command will ping from the management server. Then you go to log forwarding option under Objects tab--> log forwarding Then choose that profile in the log forwarding profile for the logs you want forwarded to the syslog make sure to do the commit. This will allow you to forward the traffic logs for all the severity and if you want you can forward it for all the threat logs or the needs threat logs. How is your management interface configured. Is it passing through the firewall. If yes it is possible that it is getting dropped by one of the security policy. Please check the traffic log to verify if your traffic is getting dropped. If it is a internal to internal zone by default that traffic will not show in the logs please make sure a rule is created to show that traffic so you can verify. If the above suggestion doesn't work either then try to route the syslog traffic through one of the data ports. Go to device tab--->setup---> services tab---> service route configuration and select any external interface and see if the traffic is being sent now. If the above configuration works then there might be an issue for the management server to reach to the syslog server. Let us know if this helps. Thank you mbutt ... View more