cancel
Showing results for 
Search instead for 
Did you mean: 

Computer Protection: firewall log file

Aspirant

Computer Protection: firewall log file

Hellom

 

How i can identify what rule in psb portal/profile/firewall is responsible for block action.

 

In log file i have numbers like [1070.5f94]

 2.png

 

Where can find it in psb portal?

 

4.png

1 REPLY
F-Secure

Re: Computer Protection: firewall log file

What is the name of a filter in Blocks.log?

Filter names are provided by Windows Firewall and not always have the same name as you define in profile editor.

For instance, I just created rule "Test block skype" and got this in Blocks.log (note that name of filter is the same as I used in portal):

2018-09-10 14:08:00.960 [62fc.5e50]  I: Type: FWPM_NET_EVENT_TYPE_CLASSIFY_DROP. Dropped by filter: Test Block skype, . Dropped by layer: ALE Connect v4 Layer. Direction: outbound. Local port: 61537. Remote port: 5061. IPv4 local address: N.N.N.N. IPv4 remote address: N.N.N.N. Application: \device\harddiskvolume4\...\lync.exe

 

 

In case if name does not match, to guess rule which blocked it, you would need to check other params like ports, IP addresses etc and Application and try to map it to one of rules in currently selected firewall profile.