  1. #1
    Newbie
    Join Date
    May 2022
    Posts
    2

    How do I see firewall blocks on the WAN interface?

    I noticed the Firewall interface does not show blocks from external Internet IPs on the WAN interface. If the firewall is working at all then I should notice blocks from unsolicited Internet traffic to my WAN IP. I do not see any such traffic on my Untangle box in the firewall logs. Either this is not being blocked or the "Firewall --> All Events" report is not accurate. Does the firewall block unsolicited WAN traffic and if so, why is the report inaccurate?

  2. #2
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    787


    Originally posted by evergreensysadmin:
    I noticed the Firewall interface does not show blocks from external Internet IPs on the WAN interface. If the firewall is working at all then I should notice blocks from unsolicited Internet traffic to my WAN IP. I do not see any such traffic on my Untangle box in the firewall logs. Either this is not being blocked or the "Firewall --> All Events" report is not accurate. Does the firewall block unsolicited WAN traffic and if so, why is the report inaccurate?
    Why are you not checking TP & IPS?
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  3. #3
    Newbie
    Join Date
    May 2022
    Posts
    2


    Brand new to Untangle. I also do not see blocked WAN traffic from Threat Prevention. This concerns me because OPNsense was showing a WAN block at least every hour, so that suggests that I'm not seeing the real logs or it's not being blocked and relying on NAT for security, which would be an interesting design decision.

    EDIT: Ah, I now see it in IPS. There is a surprising amount of IPs categorized negatively but still allowed. Guess I need to tweak that. Is there a master view for traffic handled by all modules?
    Last edited by evergreensysadmin; 05-15-2022 at 12:53 AM.

  4. #4
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,498


    Untangle has two different types of apps within it... apps and services.

    You can have an app per policy, but a service only runs once per installation.

    Services interact with the kernel more than apps do, but all are limited by the UVM itself to some degree. The UVM only processes TCP and UDP packets, from sessions that TRANSIT the Untangle appliance.

    So in most cases, you simply will not see traffic that impacts on the Untangle server itself. It's not that NAT is being relied upon as much as without NAT if Untangle is running as a router, most ingress communications simply never happen to begin with. Should they happen, they are scanned.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
