
Access Control Policy and Connection Events

keithcclark71
Level 3

I am confused on Policy. If I ping from an inside host to an outside host that does not respond, is it a correct assessment that I would not see this logged in event viewer because I have beginning of a connection checked for logging? Since the connection was never made, there would be no beginning of a connection but rather just an attempt at one?

Accepted Solutions

Marvin Rhoads
Hall of Fame

Ping (or more accurately, ICMP messages) is not a good test since whether or not a firewall inspects ICMP varies from release to release and can be changed by configuration.

That aside, if you are inspecting ICMP, you should see the ICMP echo request outbound if you are logging.

I usually suggest that you instead use a TCP-based method to check connectivity. That way you can validate the 3-way handshake and have a more unambiguous result.
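
Added example, not part of the original post or the reply: one way to run the TCP-based check suggested above, classifying a single IPv4 connection attempt by how the handshake ended so the result can be lined up against the firewall's connection events by timestamp. The names `tcp_probe` and `open_loopback_listener` and the outcome labels are hypothetical, and the demo target is a constructed loopback listener so the script runs offline.

```python
import errno
import socket
import time


def tcp_probe(host, port, timeout=3.0):
    """Attempt one IPv4 TCP connection and classify how the handshake ended."""
    started = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        outcome = "handshake-completed"  # SYN, SYN-ACK and ACK were exchanged
    except socket.timeout:
        outcome = "no-reply"             # no SYN-ACK or RST within the timeout
    except ConnectionRefusedError:
        outcome = "refused"              # an RST came back for the SYN
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            outcome = "unreachable"      # no route, or ICMP unreachable received
        else:
            raise
    finally:
        sock.close()
    return outcome, round(time.monotonic() - started, 3)


def open_loopback_listener():
    """Constructed test target: a listener on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = open_loopback_listener()
    # Print a UTC timestamp with each result to match against logged events.
    for label in ("listener up", "listener closed"):
        stamp = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
        print(stamp, label, "127.0.0.1", port, *tcp_probe("127.0.0.1", port))
        srv.close()
```

Point `tcp_probe` at an outside host and port you are permitted to test; a `no-reply` result is the TCP counterpart of the unanswered ping in the question.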
