Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
472
Views
0
Helpful
1
Replies

Access Control Policy and Connection Events

Go to solution
keithcclark71
Level 3
Level 3

‎04-05-2017 11:43 AM - edited ‎03-12-2019 02:10 AM

I am confused on Policy. If I ping from an inside host to an outside host that does not respond is it a correct assessment that I would not see this logged in event viewer because I have beginning of a connection checked for logging. Since connection was never made their would be no beginning of a connection but rather just an attempt at one??? 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-05-2017 08:24 PM

Ping (or more accurately, icmp messages) is not a good test since whether or not a firewall inspects icmp varies from release to release and can be changed by configuration.

That aside, if you are inspecting icmp, you should see the icmp echo request outbound if you are logging.

I usually suggest that you instead use a tcp-based method to check connectivity. That way you can validate the 3-way handshake and have a more unambiguous result.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-05-2017 08:24 PM

Ping (or more accurately, icmp messages) is not a good test since whether or not a firewall inspects icmp varies from release to release and can be changed by configuration.

That aside, if you are inspecting icmp, you should see the icmp echo request outbound if you are logging.

I usually suggest that you instead use a tcp-based method to check connectivity. That way you can validate the 3-way handshake and have a more unambiguous result.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top