Computer Protection: firewall log file

Hello,

 

How can I identify which rule in the PSB portal/profile/firewall is responsible for the block action?

 

In the log file I have numbers like [1070.5f94]


 

Where can I find it in the PSB portal?

 


Answers

  • fedool Posts: 144

    What is the name of a filter in Blocks.log?

    Filter names are provided by Windows Firewall and do not always have the same name as you define in the profile editor.

    For instance, I just created the rule "Test block skype" and got this in Blocks.log (note that the name of the filter is the same as I used in the portal):

    2018-09-10 14:08:00.960 [62fc.5e50]  I: Type: FWPM_NET_EVENT_TYPE_CLASSIFY_DROP. Dropped by filter: Test Block skype, . Dropped by layer: ALE Connect v4 Layer. Direction: outbound. Local port: 61537. Remote port: 5061. IPv4 local address: N.N.N.N. IPv4 remote address: N.N.N.N. Application: \device\harddiskvolume4\...\lync.exe

     

     

    In case the name does not match, to guess which rule blocked it, you would need to check other params like ports, IP addresses, etc. and Application, and try to map it to one of the rules in the currently selected firewall profile.
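
The mapping described in the answer above, as an added example that is not part of the original answer or of the vendor's tooling: Python that parses a Blocks.log line in the quoted format and lists the profile rules consistent with it. The rule dictionary layout, the sample line, and every rule name other than "Test block skype" are constructed assumptions.

```python
import ipaddress
import re

# Field layout follows the Blocks.log line quoted in the answer (IPv4 events only).
LINE_RE = re.compile(
    r"^(?P<time>\S+ \S+) \[(?P<tag>[^\]]+)\]\s+I: Type: (?P<type>\w+)\. "
    r"Dropped by filter: (?P<filter>.*?), \. Dropped by layer: (?P<layer>.*?)\. "
    r"Direction: (?P<direction>\w+)\. Local port: (?P<lport>\d+)\. "
    r"Remote port: (?P<rport>\d+)\. IPv4 local address: (?P<laddr>\S+)\. "
    r"IPv4 remote address: (?P<raddr>\S+)\. Application: (?P<app>.+)$")

def parse_block(line):
    """Split one Blocks.log line into a dict of fields, or None if it does not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["lport"], ev["rport"] = int(ev["lport"]), int(ev["rport"])
    return ev

def candidate_rules(ev, rules):
    """Names of rules that could explain the drop: name match first, then criteria."""
    exact = [r["name"] for r in rules if r["name"].lower() == ev["filter"].lower()]
    if exact:
        return exact
    hits = []
    for r in rules:
        if r.get("direction") and r["direction"] != ev["direction"]:
            continue
        if r.get("remote_ports") and ev["rport"] not in r["remote_ports"]:
            continue
        if r.get("remote_net") and (ipaddress.ip_address(ev["raddr"])
                                    not in ipaddress.ip_network(r["remote_net"])):
            continue
        if r.get("app") and not ev["app"].lower().endswith("\\" + r["app"].lower()):
            continue
        hits.append(r["name"])
    return hits

# Constructed sample line (filter name matches no rule) and hypothetical rule list.
SAMPLE = (r"2018-09-10 14:08:00.960 [62fc.5e50]  I: Type: FWPM_NET_EVENT_TYPE_CLASSIFY_DROP. "
          r"Dropped by filter: Block 5061, . Dropped by layer: ALE Connect v4 Layer. Direction: outbound. "
          r"Local port: 61537. Remote port: 5061. IPv4 local address: 192.0.2.10. "
          r"IPv4 remote address: 198.51.100.7. Application: \device\harddiskvolume4\apps\lync.exe")
RULES = [
    {"name": "Test block skype", "direction": "outbound", "remote_ports": {5061}, "app": "lync.exe"},
    {"name": "Block telnet", "direction": "outbound", "remote_ports": {23}},
    {"name": "Block test net", "direction": "outbound", "remote_net": "203.0.113.0/24"},
]
print(candidate_rules(parse_block(SAMPLE), RULES))
```

More than one name in the result means the log fields alone cannot separate those rules. Masked addresses such as the N.N.N.N in the quoted line only work on the name-match path, since the criteria path parses real IPv4 addresses.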

This discussion has been closed.