Since I installed CFP 4.0.14.276 Network Defence in the summary tab has had 0 blocked intrusion attempts thus far. But what has me more curious is in the "View Firewall Events there has not been one single entry so far :-\ and I’ve clicked more to check and there is absolutely nothing in the firewall Log viewer for today, yesterday, well since I installed 3.0.14.276 for any of the days.
I had 3.0.14.273 prior to that and it would have entries in the firewall log viewer. before anyone asks if I uninstalled it and elimiated any traces before installing the new version, the answer is yes I did.
out of curiousity i just checked the predefined firewall policies tab
where it lists
Policy Web Browser Email Client FTP Client Trusted Application Blocked Application Outgoing Only
for any of them that I click edit and check, only Block and Log Unmatching Requests has Log as a firewall event if this Rule is Fired ticked. all others it doesn’t have it ticked.
I have no idea how it was on 3.014.273, all i know is i would get entries in the Firewall Log viewer
well ok I see only “block and log unmatching requests ie; entries in red” any for that it has ticked so would give a log view entry for that, i guess thats if something tried to make a connection that violates that policy. but I guess that rarely happens hence I’ve had zero entries in the log viewer so far.
So by default Log as a firewall event if this Rule is Fired
is not ticked for all them other stuff compared to 3.0.14.273. I guess I can do it manaully, what I would like is any iincoming intrusion attempts from the outside I would like the firewall to log those, how do i do that? the green entires are all allow incoming and outgoing events or one or the other, so that i don’t think i want to have any logs for since it would be pointless. i just want the firewall to log attempted incoming intrusion events. outgoing ones i ain’t too bothered by.
The ‘Firewall Events’ area contains logs of actions taken by the firewall. A ‘Firewall Event’ is recorded whenever an application or process makes a connection attempt that contravenes a rule your Network Security Policy (Note: You must have checked the box ‘Log as a firewall event if this rule is fired’ for the event to be logged.)
that caught my attention ^ its the first para in the help file. atleast thats one proper explaination for something ;D makes a change hehe.
ok, would someone like to let me know if ticking Log as a firewall event if this Rule is Fired box for Block and Log ICMP in From IP Any to IP Any Where ICMP Message IS ECHO Request in Global rules In Network Security Policy is ok? its unticked, but what would ticking it do and what sort of events woud global record in the log viewer
something along the lines is where my thoughts lay now ^
btw am still curious how comes 3.01.4.273 had entries in the firewall log viewer for me, but 3.0.14.276 has none so what is not ticked by default this time?
the slight difference between 3.0.14.276 and 3.0.14.273 are the new version has the loopback feature and its configured and enabled by default, and I never checked such things on the previous version but I can say now that the new version hasn’t got Log as a firewall event if this Rule is Fired for Block and Log ICMP in From IP Any to IP Any Where ICMP Message IS ECHO Request in Global rules In Network Security Policy Ticked by default!
i use a router and the previous firewall version would still log some entries in the firewall log viewer when i tested the firewall with and without my router connected.
When i first installed this CFP 3.0.14.276
this version it had zero entries in the firewall log viewer even though I tested the firewall with and without the router connected.
anyway i disconnected my router and ticked that box for Log as a firewall event if this Rule is Fired for Block and Log ICMP in From IP Any to IP Any Where ICMP Message IS ECHO Request in Global rules In Network Security Policy and ran shieldsup port scanner since its quick and simple and was all that was needed to check this situation out. with that thing ticked for global rules the firewall did log some entries so i ended up with 3 entries in the firewall log viewer my first set of entires for 3.0.14.276 ;D (P.S I did do an IP lookup on the recorded IP in the firewall log viewer entries and it said it was from shieldsup)
I tried it a couple times i unticked that option Log as a firewall event if this Rule is Fired in global rules and ran shieldsup port scanner again, no entries this time, so i ticked it back again and ran the test a 3rd time and Low & Behold it recorded another 3 entries of attempted intrusion events.
anyway so thats all sorted and figured out for me now
I reconnected my router back but will be no point me seeing if it gives any entries cos I know it won’t I guess the loopback feature in CFP and ping blocked enabled on my router will result in no firewall event entires but that must be how it logically works.
So for those who are seeing no entries in the firewall Log viewer you should read this and then you’ll know how it works and why you maybe have no entries and what to do to enable the firewall to log attempted intrusions or scans etc, and if your behind a router well all I’ve written just now wil let you know who to make sure the firewall is setup right to log intrusion attempts or pings or port scans etc etc, and not to be concerned if it shows no entries if your behind a router, just simply discconect your router and test your firewall on shieldsup basic port scan test, if you get no entries then read this post to turn on entries for intrusion attemps for your fireall log viewer.
anyway all done. an Admin can close this post if you want. I sussed my prob out already ;D
:BNC
(P.S don’t you just hate typo spellings, thats why i got to keep editing my post) (:AGY) lmao
