IPS and Flood Protection logs always empty in GUI

Is there a setting I'm missing? Every one of our several hundred firewalls always shows empty IPS logs ("No record found"), even when the firewall shows that it has been dropping packets due to flood protection. See the screenshots below.



This thread was automatically locked due to age.
  • Hello Joshua Drost,

    Thank you for reaching out to the community. Can you check under the firewall rules whether the option "Log firewall traffic." is enabled?
    Under the Other security features, is the IPS policy applied?
    Under Intrusion Prevention > IPS Policies, is "IPS protection" toggled on?
    Under System Services > Log settings, is logging for IPS enabled?

    Thanks & Regards,
    Vivek Jagad | Team Lead, Global Support & Services 

  • Vivek Jagad said:

    Hello Joshua Drost,

    Thank you for reaching out to the community. Can you check under the firewall rules whether the option "Log firewall traffic." is enabled?
    Under the Other security features, is the IPS policy applied?
    Under Intrusion Prevention > IPS Policies, is "IPS protection" toggled on?
    Under System Services > Log settings, is logging for IPS enabled?

    "Configure > System Services > Log Settings > DoS Attack (local reporting)" appears to be the checkbox I was missing, as it's not turned on by default. Thank you!
