ER605 - Improving the Firewall with Logging

ER605 - Improving the Firewall with Logging

ER605 - Improving the Firewall with Logging
ER605 - Improving the Firewall with Logging
2024-01-23 03:39:28 - last edited 2024-01-23 04:12:09
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: ER605(UN)_V2.6_2.2.3 Build 20231201

Hello and Happy New Year!,

 

I own multiple ER605's.  I have seen much improvement from the stock firmware to the firmware released this past December (2023).  Thank you to the developers of the firmware for continuously providing firmware updates with improvements for the ER605.  It is much appreciated!

 

One area of improvement that I would like to see is with the firewall logs.  I think a lot of issues and frustrations that have been expressed about this device on the internet is  because it takes a lot of time for a user to figure connection related things out without a firewall specific log to look at.  The firewall may be doing its job and blocking connections that aren't allowed, but users trying to configure the device may not know why connections are not being established and may assume the device is faulty.  It took quite a bit of trial and error for me to get a vpn connection working and secured the way I want it.  I think it would help in troubleshooting configuration of the device a great deal if the next version of the ER605 firmware had the ability to turn on/off, at will, traffic logging using a built in IDS/IPS similar to how IPFire does it. Search for "IPFire Firewall Logs" to find an example of how they present the log.  I think they might use Snort to achieve this.  For me, just having the firewall/traffic logging aspect in a table view with the following fields would be a huge help:

 


    - Date/Time - Date and time of the firewall event (Sorted by this as a default showing the most recent event at the top)
    - Rule/Chain - Rule and/or name of iptables chain of the firewall event
    - Interface - The interface that this firewall event occurred (sortable/filterable)
    - Protocol - The protocol used - either TCP or UDP
    - Source / Destination - Source (from) IP address and Destination (to) IP address of the event (sortable/filterable)
    - Source Port / Destination Port - Source (from) Port and Destination (to) Port of the event
    - Country - The country of the source of the event that it originated from (if possible) (sortable/filterable)
    - Source MAC address (sortable/filterable)
    - Destination MAC address

 

I understand that space may be limited on the device, but even just having the log data in a table format for a short amount of time would be very helpful and useful for me at least to see what is going on when configuring the device.

 

All of my ER605's are used in stand alone mode. I do not use the controller.

 

I would purchase more ER605's if this type of logging was available. Thank you for your consideration!

  1      
  1      
#1
Options

Information

Helpful: 1

Views: 239

Replies: 0

Related Articles