Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
307
Views
0
Helpful
0
Replies

RV320 - any way to hide Multicast blocks in log without using access rules?

dancrichton
Level 1
Level 1

‎01-07-2015 08:20 AM

The RV320 I've just put into production is being run in a default block for all outgoing connections with explicit allow rules for all the ports that the network users are allowed to use. This has resulted in all 50 of the allowed access rules being used up. I need to log blocked connections so we can look out for any TCP/UDP ports we may need to allow (although I'm still trying to figure out how we'll actually allow them ...), but the log is filling up with blocked UDP entries such as:

 

2015-01-07, 16:13:58 BLOCK UDP 192.168.x.y:55014 -> 239.255.255.250:1900 on eth0

2015-01-07, 16:13:58 BLOCK UDP 192.168.x.y:5353 -> 224.0.0.251:5353 on eth0

2015-01-07, 16:14:22 BLOCK UDP 192.168.x.y:52330 -> 255.255.255.255:52330 on eth0

 

where the LAN IP is within the 192.168. private range.

 

I know I could, if I had enough access rule entries left, create block rules with no logging enabled for these, but that isn't an option here. Is there any other way to filter out multicast connections in the web interface? If not I guess the next step is to do this at the syslog server instead.

 

Dan

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents