Solved: Default Action Block - Log

Otvforte · ‎07-07-2025

Hi !

I'm start learning FTD (FP1010) and trying to figure out why I can't see external blocked SYN packets on FDM web interface (Events Tab). They are visible only on syslog messages, like this example: 07-07-2025 10:29:14 Local4.Error 192.168.0.1 Jul 07 2025 13:29:14: %FTD-3-710003: TCP access denied by ACL from x.x.x.x/41322 to outside:y.y.y.y/22

Also, if its due to the different engines (LINA and Snort), what kind of messages are supposed to show onFTD web interface ? Only those related with Next Gen components ?

The Default Action on Policies are configured to Block and Log.

MHM Cisco World · ‎07-07-2025

You are so welcome

MHM

View solution in original post

MHM Cisco World · ‎07-07-2025

Can you more elaborate

thanks

MHM

Otvforte · ‎07-07-2025

Sure sir. I know the firewall is blocking WAN to LAN connections by default (Default Action on Policies is set to Block). I'm able to see these blocked connections on syslog messages (remote server or even with CLI 'show logging') but the same blocked connections do not show on FDM - Monitoring / Events logs. Why blocks on Defaul Action do not show on the events when using at the FDM ? On the other hand, for rules that I create manually (like block a ping for example), I can see the block information on the FDM Monitoring / Events option and on syslog as well.

Maybe this is the expected behavior, I'm just trying to understand.

MHM Cisco World · ‎07-07-2025

in the left down corner there is default action and it Block
and by defualt there is no log
you can click in icon to enable log for this action

MHM

Otvforte · ‎07-07-2025

Good to know that there is no log for Default Action (block), thank you.

MHM Cisco World · ‎07-07-2025

You are so welcome

MHM