I have an XG85W and do not have the Reports button. Is it supposed to be there on this model?

How do I access the reports on this model?



  • Unfortunately, the XG85 and XG85w do not have on-appliance reporting; they only have 8GB of storage on the appliance, which is just not sufficient. Starting from the XG105 and up, the appliances include SSD storage, which will enable on-appliance reporting.

    Fortunately this does not mean you don't have access to reporting, it just needs to be external via the iView 2 reporting appliance. The iView appliance is available for deployment of VMware or Hyper-V Infrastructure and 100GB of storage is provided free of charge through "iView Lite" via the Trial option at https://www.sophos.com/en-us/products/next-gen-firewall/free-trial/iview.aspx 

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

  • I set up an iView server and my own SG105 device logs to it fine. The XG85w device shows up in the list, so I know my port forwarding/NAT rules are right, but no data. I have all the check boxes checked on the XG device to send data, I tried setting the message level to daemon, kernel, etc. and still nothing shows up.

  • That's odd, can you check for me (some of this might sound like a recap, but let's verify it all):

    - All firewall rules have logging enabled

    - The log server is set up with Facility = Daemon & Severity level = Debug

    - Under log settings all entries are configured to be forwarded to your log server (i.e. the iView server)

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP

  • Not all rules had logging enabled but most did. Now they all do.

    Facility was set to Daemon but Severity was set to Information. It is now Debug.

    Yes, all entries are checked.

  • So, has anything started to appear in the iView reporting environment?

    If it has not, can you see the appliance sending the data?

    - Using the packet capture (System > Diagnostics > Packet Capture), use the BPF string "port 514", click OK and then turn the packet capture on.

      (You should see a UDP packet leaving the appliance with a destination IP of your iView server and the destination port of 514; you should also see what physical port it is leaving on.)

    I am just trying to determine if the appliance is not generating the data or if it is sending it and it is not getting to the iView server.

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP
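
The same question (is the firewall sending nothing, or only sending non-traffic records?) can also be answered on the collector side. The following is an added example, not part of the original thread or Sophos code: it decodes the syslog `<PRI>` header into the facility and severity discussed above and tallies records per source. The key=value field names (`log_type`, `log_component`, ...) and all sample datagrams are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITY = {0: "kern", 1: "user", 3: "daemon"}  # subset of the RFC 3164 table
# Assumption: log_type values that carry per-connection traffic data.
TRAFFIC_TYPES = {"Firewall", "Content Filtering"}

PRI_RE = re.compile(r"^<(\d{1,3})>")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def decode_pri(line):
    """Return (facility, severity) names from the leading <PRI>, or None."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:
        return None
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return FACILITY.get(pri >> 3, str(pri >> 3)), SEVERITY[pri & 7]


def parse_fields(line):
    """Parse key=value and key="quoted value" pairs into a dict."""
    return {k: q or u for k, q, u in KV_RE.findall(line)}


def summarize(datagrams):
    """datagrams: iterable of (source_ip, payload_bytes) -> per-source Counter."""
    out = defaultdict(Counter)
    for src, payload in datagrams:
        line = payload.decode("utf-8", errors="replace").strip()
        pri = decode_pri(line)
        if pri is None:
            out[src]["unparsed"] += 1  # not a syslog datagram we understand
            continue
        log_type = parse_fields(line).get("log_type", "unknown")
        out[src][(pri[0], pri[1], log_type)] += 1
    return out


def sources_without_traffic(summary):
    """Sources that reached the collector but sent no traffic-type records."""
    return sorted(s for s, c in summary.items()
                  if not any(isinstance(k, tuple) and k[2] in TRAFFIC_TYPES for k in c))


# Constructed sample datagrams (documentation addresses, invented field values).
SAMPLE = [
    ("192.0.2.10", b'<30>device="SFW" log_type="Event" log_component="GUI" message="setting changed"'),
    ("192.0.2.20", b'<31>device="SFW" log_type="Firewall" log_component="Firewall Rule" fw_rule_id=2'),
    ("192.0.2.20", b'<31>device="SFW" log_type="Content Filtering" log_component="HTTP" url=example.test'),
    ("192.0.2.20", b"no PRI header here"),
]
```

A source listed by `sources_without_traffic` is reachable and forwarding, so the gap is in what the firewall generates rather than in the network path.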

  • It does not appear that steady data is coming across. If I change a setting on the XG85w a single line will show up in the iView "Archive / Live Logs" screen. But that's it. No traffic flow data.

    Looking at the packet capture logs it appears traffic is going out. Not a ton, but steady.

  • Clicking all over the iView reports I am finding info from the XG unit. Nowhere near the data flowing in from the SG unit though. The XG does not show up on the Dashboard, which is why I thought nothing was coming over. If I click around the reports and tell it to only show the XG stuff, graphs do show up. Separate issue, but the info is about useless. All I see is rule number 600000 or something. That tells me nothing.

  • OK, it sounds like the logging is being forwarded correctly. Can you check that you are actually pushing traffic into the Application Classification engine and the Web Filtering engine in the policy rules?

    - in each rule that is allowing traffic make sure you have an "Application Control" Policy and a "Web Filter" Policy attached (even if it is "Allow All")

    - also check you have an active "Web Protection" subscription

    - you can check the local logging under "System > Diagnostics > Log Viewer" and then "Web Filter" or "Application Filter" to see what is being generated locally

    - if the subscription is active and the applications are not being identified from the console check the status of the application classification engine

      from the console

    system application_classification show

      if the result is "off" run 

    system application_classification on

    Leon Friend

    Sophos Sales Engineer

    Sophos XG Firewall - Certified Architect, Sophos Certified Engineer, Cyberoam CCNSE, Cyberoam CCNSP