How do I see firewall blocks on the WAN interface?

[evergreensysadmin]

I noticed the Firewall interface does not show blocks from external Internet IPs on the WAN interface. If the firewall is working at all then I should notice blocks from unsolicited Internet traffic to my WAN IP. I do not see any such traffic on my Untangle box in the firewall logs. Either this is not being blocked or the "Firewall --> All Events" report is not accurate. Does the firewall block unsolicited WAN traffic and if so, why is the report inaccurate?

[dashpuppy]

I noticed the Firewall interface does not show blocks from external Internet IPs on the WAN interface. If the firewall is working at all then I should notice blocks from unsolicited Internet traffic to my WAN IP. I do not see any such traffic on my Untangle box in the firewall logs. Either this is not being blocked or the "Firewall --> All Events" report is not accurate. Does the firewall block unsolicited WAN traffic and if so, why is the report inaccurate?

Why are you not checking TP & IPS ?TP.jpg

[evergreensysadmin]

Brand new to Untangle. I also do not see blocked WAN traffic from Threat Prevention. This concerns me because OPNsense was showing a WAN block at least every hour, so that suggests that I'm not seeing the real logs or it's not being blocked and relying on NAT for security, which would be an interesting design decision.

EDIT: Ah, I now see it in IPS. There is a surprising amount of IPs categorized negatively but still allowed. Guess I need to tweak that. Is there a master view for traffic handled by all modules?

[sky-knight]

Untangle has two different types of apps within it... apps and services.

You can have an app per policy, but a service only runs once per installation.

Services interact with the kernel more than apps do, but all are limited by the UVM itself to some degree. The UVM only processes TCP and UDP packets, from sessions that TRANSIT the Untangle appliance.

So in most cases, you simply will not see traffic that impacts on the Untangle server itself. It's not that NAT is being relied upon as much as without NAT if Untangle is running as a router, most ingress communications simply never happen to begin with. Should they happen, they are scanned.