Firewall / ACL Logs?
Hi.
I'm using EAP/OC200 for a while and recently added a gateway and some JetStream switches to retire an old router and bring everything together in one management solution. Unfortunately, I was naive enough to believe that I would get similar log information here as with a stone-old router. Is there really no way to monitor ACL, traffic and access violations? Seriously? In a "Business Solution"? How are you folks manage your router / firewall while you are blind on both eyes? Maybe I missed something here, please let me know.
Thank you
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Yes, in the case of a blocked wireless client we see something in the log. But what about wired clients? Or traffic accross the gateway? There is nothing. Of course, I don't need all the spam of the default deny rule. But in case of troubleshooting it's more than helpfull to have the chance to see the hits of all rules.
My solution separates 3 simple segments: WAN, safty zone (our workstations) and everything else (all the unmanaged crap in a mondern home). Ok, 4 with the default LAN. Very simple, but a few connections between the segments are required. Pice of cake for every freeware linux router but a serious challange with Omada SDN. I don't expect a featureset like an UTM 9 or Checkpoint, but some fundamentals... From a security perspective this is also a nightmare.
I'm courius if there is a roadmap or something to bring improvements into this part of the solution.
- Copy Link
- Report Inappropriate Content
@AndyGR42 Have you found anything out for logging? I would like to lock down one of my VLANs and I'm finding it hard to do because I cannot troubleshoot when something doesn't work. There's no ACL log to say XYZ tried to connect to port blah blah blah.
- Copy Link
- Report Inappropriate Content
EDIT
- Copy Link
- Report Inappropriate Content
There is a lot lacking when it comes to finding out what is going on with the system, and I have asked before for improved information as to what is happening or has happened.
The insights tab is only providing very basic information.
- Copy Link
- Report Inappropriate Content
EDIT
- Copy Link
- Report Inappropriate Content
I'm running Omada wifi since a couple of years and I'm very happy with it. It was a nobrainer to extend the setup during a replacement of ol switches and the firewall. Unfortunately I was very surprised about the limited monitoring features for this part of the solution. I'm pretty sure that low level logging is available on the devices, otherwise it seems to be impossible to develop. I agree, a centralized logging would be nice but its a big effort. I would be very fine with an option to send the low level data to a syslog server.
- Copy Link
- Report Inappropriate Content
Nope, I found a working configuration and hopefully there will be never an emergency situation where I need detailed logging.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 2101
Replies: 8
Voters 0
No one has voted for it yet.