  1. #1
    Untanglit
    Join Date
    May 2021
    Posts
    21

    All blocked sessions

    I was using a different Firewall product before Untangle, and on that product, there was a LIVE LOG view that allowed me to see EVERY SINGLE blocked event and what rule was blocking it.

    This was useful when I was trying to diagnose issues reported by the users of the network.

    In Untangle NG Firewall, I have the option LOG BLOCKED SESSIONS enabled under Configuration > Network > Advanced, but I can't see where those get logged. Do they still get logged on a PER APP basis?

    I need a central location where I can see what is happening so that I can troubleshoot blocked sessions.

  2. #2
    Untangler
    Join Date
    Jul 2018
    Posts
    37

    The options in Config > Network > Advanced > Options refer to the layer-3 'section' of the NGFW; everything in the Config section of the software. Disabling 'log blocked sessions' there has no effect on each individual application's logs.

    The sessions that option refers to are the ones you'll find in Reports > Network, particularly the reports All Sessions and Blocked Sessions.

    Reports > Network > All Sessions includes information about sessions processed through the apps as well as by the layer-3 area, so it's kind of the kitchen-sink report and the best place to start troubleshooting blocks.

  3. #3
    Untanglit
    Join Date
    May 2021
    Posts
    21

    Looking at Reports > Network > All Sessions, that particular report does not say if the session was blocked or allowed to pass. I do see that in that same section there is a Reports > Network > Blocked Sessions report, and that gives me a list of all blocked sessions, but would that be ALL blocked sessions from anywhere?
    Ideally what I would want to see is a report that would provide ALL sessions handled by Untangle. Say if the session was blocked or not, and if blocked then specify which part of Untangle blocked it, and why (what rule within that part) caused the session to be blocked.

  4. #4
    Untangler jcoffin
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,696

    In Reports > Network > All Sessions, if you add the column "Filter Prefix" you can see if it was blocked. This report will have data if it was blocked at Layer 3 (Filter rules). To have all blocks (Web Filter, Firewall app, etc., layer 3 & 7) would require joining several tables.

  5. #5
    Untanglit
    Join Date
    May 2021
    Posts
    21

    That is a huge issue that other UTMs have figured out.

    On my previous firewall solution, I could look at ONE report that would provide a simple way to troubleshoot any kind of blocked sessions.

  6. #6
    Untangler
    Join Date
    Jul 2018
    Posts
    37

    You can open the Details pane along the right-hand side of the screen to see every application that interacted with a given session. (That pane is collapsed by default.)
