08-06-2018 11:25 PM - edited 02-21-2020 08:03 AM
Hi All,
We're massively cleaning up firewall rules to harden the network, but on some interfaces we have some permit ip any any rules, which of course are hit massively. I want to investigate this further but haven't done this before.
What is the go-to way to do this? Set up NetFlow? If so, does anyone have a suggestion for a good NetFlow analyzer?
In this case I'm only interested in statistics about source, destination and protocol/port.
Thanks in advance and have a nice day!
Eric
08-06-2018 11:38 PM
08-06-2018 11:56 PM
Hi Mohammed,
Thanks for the suggestion! Sorry if I'm asking a stupid question right now, but what exactly do you mean by "generate logging report"? We already have a SysLog server set up (although it's a really old Kiwi SysLog server), so enabling logging on this specific ACL is no problem. Are most SysLog applications nowadays capable of generating a report which just gives me statistics? I'm not really interested in the individual logging lines; I'm looking for something that can show me, for example, how many tcp/443 packets from source X to destination X have come by.
08-07-2018 01:04 AM - edited 08-07-2018 01:04 AM
You could even simplify this by using a packet capture and doing a traffic summary in Wireshark, then gradually add more granular rules on top of your permit any until you have covered everything, then rip the permit any out.
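The two approaches above (turn on `log` for the permit ip any any entry and report on the syslog, or capture and summarize in Wireshark) both reduce to the same aggregation: packet counts keyed on source, destination, protocol and destination port. The script below is an added example and is not code from this thread or from Cisco; it parses IOS `%SEC-6-IPACCESSLOGP` / `%SEC-6-IPACCESSLOGDP` messages as a Kiwi-style syslog server would have stored them, sums the packet counts, and prints candidate explicit ACL entries that could replace the permit any. The ACL name `OUTSIDE-IN`, the sample log lines and the hostname/timestamp prefix are all constructed for the example. One caveat the example handles: IOS logs the first matching packet and then a summary message every logging interval (5 minutes by default) carrying the packet count since the last message, so the trailing "N packets" must be summed rather than counting log lines.

```python
"""Aggregate Cisco IOS ACL log messages into src/dst/proto/port packet counts.

Added example for the discussion above, not code from the original thread.
Log format assumed: IOS ACL 'log' / 'log-input' messages, e.g.
  %SEC-6-IPACCESSLOGP: list NAME permitted tcp A(sport) -> B(dport), N packets
  %SEC-6-IPACCESSLOGDP: list NAME permitted icmp A -> B (type/code), N packets
'log-input' inserts "(interface mac)" after the source, which is tolerated.
"""
import re
from collections import Counter

IP = r"\d+\.\d+\.\d+\.\d+"
# tcp/udp lines carry ports; the optional group after the source absorbs the
# interface/MAC that 'log-input' adds.
LOGP = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    rf"(?P<proto>tcp|udp) (?P<src>{IP})\((?P<sport>\d+)\)(?: \([^)]*\))? -> "
    rf"(?P<dst>{IP})\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)
# icmp lines carry (type/code) instead of ports.
LOGDP = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    rf"(?P<proto>icmp) (?P<src>{IP})(?: \([^)]*\))? -> (?P<dst>{IP}) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample as a Kiwi-style server would store it: "timestamp host message".
SAMPLE = """\
2018-08-07 01:10:02 10.0.0.1 %SEC-6-IPACCESSLOGP: list OUTSIDE-IN permitted tcp 203.0.113.5(51234) -> 192.0.2.10(443), 1 packet
2018-08-07 01:15:02 10.0.0.1 %SEC-6-IPACCESSLOGP: list OUTSIDE-IN permitted tcp 203.0.113.5(51240) -> 192.0.2.10(443), 341 packets
2018-08-07 01:15:03 10.0.0.1 %SEC-6-IPACCESSLOGP: list OUTSIDE-IN permitted udp 203.0.113.9(40001) (GigabitEthernet0/0 0000.0c12.3456) -> 192.0.2.53(53), 12 packets
2018-08-07 01:15:04 10.0.0.1 %SEC-6-IPACCESSLOGDP: list OUTSIDE-IN permitted icmp 203.0.113.7 -> 192.0.2.10 (8/0), 3 packets
2018-08-07 01:15:05 10.0.0.1 %SEC-6-IPACCESSLOGP: list OUTSIDE-IN denied tcp 198.51.100.4(2222) -> 192.0.2.10(22), 1 packet
2018-08-07 01:15:06 10.0.0.1 %SYS-5-CONFIG_I: Configured from console by eric on vty0
"""


def parse_line(line):
    """Return ((acl, action, proto, src, dst, dport_or_type/code), packets) or None.

    The source port is deliberately dropped from the key: for a permit-any
    cleanup only the service (destination port) matters, and ephemeral source
    ports would otherwise split one flow into hundreds of keys.
    """
    m = LOGP.search(line) or LOGDP.search(line)
    if not m:
        return None  # unrelated syslog line (interface up/down, config change, ...)
    d = m.groupdict()
    service = d.get("dport") or f"{d['type']}/{d['code']}"
    key = (d["acl"], d["action"], d["proto"], d["src"], d["dst"], service)
    return key, int(d["count"])


def summarize(lines):
    """Sum the packet counts per key across first-packet and interval-summary messages."""
    totals = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            totals[parsed[0]] += parsed[1]
    return totals


def proposed_acl(totals, acl):
    """Emit one explicit permit per observed permitted flow, busiest first.

    These are candidates for review, not a finished policy: host-level
    entries from a few days of logs will need to be widened to the real
    subnets and services before the permit ip any any is removed.
    """
    entries = []
    for (name, action, proto, src, dst, service), count in totals.most_common():
        if name != acl or action != "permitted":
            continue
        if proto == "icmp":
            icmp_type, icmp_code = service.split("/")
            entry = f"permit icmp host {src} host {dst} {icmp_type} {icmp_code}"
        else:
            entry = f"permit {proto} host {src} host {dst} eq {service}"
        entries.append(f"{entry}  ! {count} packets observed")
    return entries


if __name__ == "__main__":
    totals = summarize(SAMPLE.splitlines())
    for key, count in totals.most_common():
        print(f"{count:>8}  {' '.join(key)}")
    print("\n".join(proposed_acl(totals, "OUTSIDE-IN")))
```

Feed it the Kiwi log files instead of `SAMPLE` and the output is the per source/destination/port table asked for in the thread. Before adding `log` to a busy permit ip any any, be aware that logged packets are rate-limited and that a high hit rate can produce a large syslog volume; `ip access-list log-update threshold` and `logging rate-limit` on the router bound that. The same counts can be read off a packet capture in Wireshark under Statistics > Conversations, which is the route suggested in the last reply.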