monitoring firewall rules


#1

I worked with Microsoft ISA Server as a firewall, and now I'm moving to Vyatta firewall. Sometimes I need to see the traffic flow, or a rule denying something, but I don't know how.
I try to use
monitor firewall
but it shows no resulting traffic.
I'm using Vyatta Core, a zone-based firewall, and clustering.
I made some tests in a lab environment, without zoning, and I can see the traffic.
Does anyone have a good way to see what happens with traffic between zones?
Thank you, sorry for my English, I'm a Spanish speaker…


#2

You can issue:
show firewall name ACL-1 statistics
to see rule hits.

On top of that you can enable packet logging per rule, e.g.
set firewall name ACL-1 rule 10 log enable
And then you can see the logged packets in:
show log firewall name ACL-1

Hope it helps


#3

Thank you! I will try it and tell you the result.
Great idea!


#4

Hi,

How can I monitor traffic where the default action in the firewall is DROP? For example:

firewall name eth0-in default-action drop
firewall name eth0-in enable-default-log enable

monitor firewall name eth0-in

How can I match the default-action rule in the log?
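For the questions in #2 and #4 (counting rule hits and picking out the default-action drops from the firewall log), here is an added example that is not part of this thread: a small Python parser run over constructed log lines. It assumes the log-prefix shape [<name>-<rule>-<action>] that Vyatta writes for logged rules, with "default" as the rule part for the default action and A/D/R as the action letter; compare with your own "show log firewall" output before relying on it.

```python
import re
from collections import Counter

# Constructed sample lines in the shape of Vyatta kernel firewall log entries.
# Assumption: prefix is [<name>-<rule>-<action>], "default" marks the
# default-action hit, and the action letter is A (accept), D (drop), R (reject).
SAMPLE_LOG = """\
Jan 10 10:00:01 vyatta kernel: [ACL-1-10-A]IN=eth0 OUT= SRC=10.0.0.5 DST=10.0.1.20 PROTO=TCP SPT=51000 DPT=22
Jan 10 10:00:02 vyatta kernel: [eth0-in-default-D]IN=eth0 OUT= SRC=192.0.2.7 DST=10.0.1.20 PROTO=TCP SPT=40000 DPT=3389
Jan 10 10:00:03 vyatta kernel: [eth0-in-default-D]IN=eth0 OUT= SRC=192.0.2.7 DST=10.0.1.20 PROTO=UDP SPT=40001 DPT=161
Jan 10 10:00:04 vyatta kernel: [ACL-1-20-D]IN=eth1 OUT= SRC=10.0.1.9 DST=10.0.0.5 PROTO=ICMP
"""

# Non-greedy name so rule-set names containing hyphens (eth0-in) still parse.
LOG_RE = re.compile(
    r"\[(?P<name>.+?)-(?P<rule>default|\d+)-(?P<action>[ADR])\](?P<fields>.*)$"
)


def parse_line(line):
    """Return a dict with name/rule/action plus the KEY=VALUE packet fields, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return {"name": m.group("name"), "rule": m.group("rule"),
            "action": m.group("action"), **fields}


def summarize(log_text):
    """Count hits per (rule-set, rule, action) and list the default-action drops."""
    hits = Counter()
    default_drops = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # not a firewall log line
        hits[(rec["name"], rec["rule"], rec["action"])] += 1
        if rec["rule"] == "default" and rec["action"] == "D":
            # DPT is absent for ICMP, so use .get() rather than indexing
            default_drops.append((rec.get("SRC"), rec.get("DST"),
                                  rec.get("PROTO"), rec.get("DPT")))
    return hits, default_drops


if __name__ == "__main__":
    counts, drops = summarize(SAMPLE_LOG)
    for key, n in sorted(counts.items()):
        print(f"{key[0]} rule {key[1]} action {key[2]}: {n} hit(s)")
    for src, dst, proto, dpt in drops:
        print(f"default DROP: {src} -> {dst} {proto} dpt={dpt}")
```

Feed it real output with something like "show log firewall name eth0-in" saved to a file and read into summarize() to see which packets fell through to the default action.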