
Identify which Packet filter (firewall) rule was used to allow or block?

Short of enabling logging for all firewall rules, is there some way of seeing which rule allowed or blocked certain traffic? Something in console/command line?



This thread was automatically locked due to age.
  • Could you try a Policy Test (available as the other tab when you View Logs)? It's mainly to test web policies, hence the name, but does give information on firewall rule matches.

    Or maybe Diagnostics > Connection List with appropriate filtering? (I just tried this and in my particular use case it unfortunately shows "No Rule" for the Rule ID, so maybe not foolproof.)

    Or maybe Diagnostics > Packet Capture? That seems to show Rule ID.

  • The only Policy Test I see is under the web protection/policy helpdesk. This becomes disabled when web filtering is turned off. I'm on a home license if that makes a difference. Maybe I'm not looking for it in the right place... What's the exact path?

    I don't see diagnostics/connection list either.

    Are you in UTM or XG? I'm using UTM.
