Is there a way to log the default drop rule traffic or supersede it with a rule to log it?
Hello John,
I already asked this a couple of months ago. See the discussion here: https://community.sophos.com/xg-firewall/f/discussions/123399/new-drop-all-rule-in-v-18
In short:
- Activating logging on the default drop rule is not possible.
- You can put an explicit deny rule with logging before the default drop rule. This was the method you needed to use in V 17.5 to see the dropped traffic.
But does that work in version 18? When I see #0 on that rule, how do you get ahead of it? This is why I have used more than one firewall for years. Not that I want to manage more than one. Thanks. *** Why they could not just leave the LOG as an option is beyond me. So far it is not working other than showing related outside connections that were initially instigated from the inside. No ankle biter/bot events are showing.