topic Re: Access Control Rules in Network Security

Access Control Rules

gcook0001 — Thu, 19 Aug 2021 18:06:07 GMT

I am trying to figure this out. I created a new block rule on Monday.

When I check the hit count today I see that there have been 275 hits on that rule to date.

When I check the connection events I don't see those hits. I have made sure that logging is turned on for that rule. Not sure why I am not seeing the events.

Re: Access Control Rules

Marius Gunnerud — Thu, 19 Aug 2021 19:48:08 GMT

How many rules do you have configured and how many have logging turned on. It might be an issue that your log retention is not large enough and that they are being overwritten.

Re: Access Control Rules

gcook0001 — Fri, 20 Aug 2021 17:25:23 GMT

I see event logs for the past three weeks. The rule I am looking at has only been implemented for one week so it shouldn't be a retention issue

Re: Access Control Rules

gcook0001 — Fri, 20 Aug 2021 17:34:25 GMT

Actually I noticed more. It seems that anything being blocked is not being logged. I have about 30 rules and right now I have logging enabled for all of them. I have about 7 blocking rules and they show hits but I don't see anything in the event logs.

Re: Access Control Rules

Marvin Rhoads — Sat, 21 Aug 2021 08:02:05 GMT

Do your block rules have "log at beginning of connection" set? (The "log at end of connection" setting will never get triggered for a block rule since a connection is not allowed in the first place.)

Re: Access Control Rules

Marius Gunnerud — Sat, 21 Aug 2021 08:52:51 GMT

Do you have event monitor enabled under logging in the logging section of the access rule?
Blocked rules should not be possible to block at end as that option should be disabled.

Re: Access Control Rules

1tservices — Mon, 23 Aug 2021 13:08:07 GMT

Yes it is set. When I look at the logs they were working till about a week ago then suddenly stopped. The option to "log at end of connection" is disabled for blocking rules. I see the logs in my syslog server but not in the logs on the firewalls themselves. I went through all my rules and made sure that they were all set properly.

Re: Access Control Rules

gcook0001 — Thu, 26 Aug 2021 12:26:38 GMT

I would like to thank everyone for the feedback. I have resolved the issue. There seems to have been an issue with the firewalls. It also caused an issue when I tried to perform an upgrade. After the upgrade everything is working as expected.

Thanks again.