Linking Firewall events with the rule that triggered them.

When you are in the “Firewall Events” screen a nice enhancement to the GUI would be to allow a right click option (or a button down the side) labeled something along the lines of “Goto Trigger” which would bring up the “Network Security Policy Window” with the rule that triggered the event highlighted.

For consistency of course you could have similar functionality for the Defense+ Events and their triggering rules.

I think it’s better not to overload “Firewall Events” by any other functionality, but I wish to see one more column, named “Application Rule”, where should be record of Rule, that blocked/allowed that activity.
For more detailed overview - take a look at ISA. There you are able to see (even in real-time) any activity and correspondent Rule Name.

I would like to see the triggering rule in the event log. I guess a link would not be that much more difficult. It would depend on if it slowed logging down enough to create errors.

I already mentioned this way back in the beta stages of CFPv3 before CIS.


Having an extra column that displays the triggering rule would be excellent, I never thought of just adding a column!

And I can’t see how if you already have the rule in the column it would be that much harder to create a link from that to the Network Security Policy window.

For me having a linked trail that leads back from the log to the event to the rule tying it all together, would help make an excellent product even better

In Firewall events list it would be very nice to see the rule number, according to which the connection was blocked or allowed.
Sometimes it is very compicated to find the corresponding rule.

+1 on that. I would really like this included.

Strongly agree. A column showing the rule, and double-clicking in that column would take you to the rule itself; no need for a separate button.

How about just letting the user double click to open the associated rule?

No added visible UI to add clutter.

And what’s the “ISA”? ???

Most firewalls, in the log/event viewer, do show the rule which triggered the event. Knowing which rule is responsible for an event is essential to the creation/debugging of a good working rule-set.