Firewall / ACL Logs?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

Firewall / ACL Logs?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Firewall / ACL Logs?
Firewall / ACL Logs?
2022-05-05 10:35:57
Model: ER605 (TL-R605)  
Hardware Version: V1
Firmware Version: 1.2.0

Hi.

 

I'm using EAP/OC200 for a while and recently added a gateway and some JetStream switches to retire an old router and bring everything together in one management solution. Unfortunately, I was naive enough to believe that I would get similar log information here as with a stone-old router. Is there really no way to monitor ACL, traffic and access violations? Seriously? In a "Business Solution"? How are you folks manage your router / firewall while you are blind on both eyes? Maybe I missed something here, please let me know.

 

Thank you

 

 

  1      
  1      
#1
Options
8 Reply
Re:Firewall / ACL Logs?
2022-05-05 14:51:21

  @AndyGR42 

 

I agree some of the logging is MIA (like VPN negotations), but I do get ACL event logs:

 

<< Paying it forward, one juicy problem at a time... >>
  0  
  0  
#2
Options
Re:Firewall / ACL Logs?
2022-05-05 17:36:20

  @d0ugmac1 

 

Yes, in the case of a blocked wireless client we see something in the log. But what about wired clients? Or traffic accross the gateway? There is nothing. Of course, I don't need all the spam of the default deny rule. But in case of troubleshooting it's more than helpfull to have the chance to see the hits of all rules. 

 

My solution separates 3 simple segments: WAN, safty zone (our workstations) and everything else (all the unmanaged crap in a mondern home). Ok, 4 with the default LAN. Very simple, but a few connections between the segments are required. Pice of cake for every freeware linux router but a serious challange with Omada SDN. I don't expect a featureset like an UTM 9 or Checkpoint, but some fundamentals... From a security perspective this is also a nightmare. 

 

I'm courius if there is a roadmap or something to bring improvements into this part of the solution. 

 

 

  1  
  1  
#3
Options
Re:Firewall / ACL Logs?
2022-07-01 20:05:09

  @AndyGR42 Have you found anything out for logging?  I would like to lock down one of my VLANs and I'm finding it hard to do because I cannot troubleshoot when something doesn't work.  There's no ACL log to say XYZ tried to connect to port blah blah blah.

  0  
  0  
#4
Options
Re:Firewall / ACL Logs?
2022-07-01 22:12:15 - last edited 2022-10-13 11:13:53

EDIT

  0  
  0  
#5
Options
Re:Firewall / ACL Logs?
2022-07-01 22:16:13

There is a lot lacking when it comes to finding out what is going on with the system, and I have asked before for improved information as to what is happening or has happened.

 

The insights tab is only providing very basic information.

  0  
  0  
#6
Options
Re:Firewall / ACL Logs?
2022-07-01 22:37:27 - last edited 2022-10-13 11:13:43

EDIT

  0  
  0  
#7
Options
Re:Firewall / ACL Logs?
2022-07-04 06:45:18

  @btx 

 

I'm running Omada wifi since a couple of years and I'm very happy with it. It was a nobrainer to extend the setup during a replacement of ol switches and the firewall. Unfortunately I was very surprised about the limited monitoring features for this part of the solution. I'm pretty sure that low level logging is available on the devices, otherwise it seems to be impossible to develop. I agree, a centralized logging would be nice but its a big effort. I would be very fine with an option to send the low level data to a syslog server.

  0  
  0  
#8
Options
Re:Firewall / ACL Logs?
2022-07-04 06:45:28

  @cbuxton5200 

 

Nope, I found a working configuration and hopefully there will be never an emergency situation where I need detailed logging. 

  0  
  0  
#9
Options