Traffic block logs

Traffic block logs record information about packets that are blocked by the management platform. These logs can be used for traffic analysis, attack detection, and network behavior auditing. Additionally, when a communication failure occurs, you can enable traffic bypass to disable all management platform network policies and permit all service traffic to determine whether the failure is caused by network policies.

Restrictions and guidelines

• If you specify an IP address or IP address range to filter traffic block logs, the system matches it against both the source and destination IP addresses of the blocked packets. A traffic block log entry is displayed as long as its source or destination IP address matches the specified criterion.

• If you configure a traffic block policy on a VM port and configure the port as the source port of a port mirror image, the port is not recorded in the traffic block log. This is because packets can be transmitted to the destination port of that port mirror image.

View traffic block logs

On the top navigation bar, click Services, and then select Security > Traffic Block Logging from the left navigation pane. You can view detailed network log information, including source IP address, destination IP address, destination port, destination MAC address, protocol, time, source MAC address, source port, data packet size (bytes), and matched block rule. For descriptions about these fields, see "Parameters."

Filter traffic block logs

1. On the top navigation bar, click Services, and then select Security > Traffic Block Logging from the left navigation pane.

2. Enter filter criteria at the top of the page. You can enter an IP address or IP address range, select a protocol, enter a matched block rule, or specify a time range. Alternatively, you can enter multiple filter criteria.

When filtering traffic block logs by IP address or IP address range, you can enter a single IP address or IP address range. For example, 192.168.252.1, or 192.168.252.1 to 192.168.252.10.

3. Click Filter.

All traffic block logs that match the filter criteria will be displayed in the list.

Enable traffic block logging

1. On the top navigation bar, click Services, and then select Security >Traffic Block Logging from the left navigation pane.

2. Click Enable Traffic Block Logging.

Enable data passthrough

1. On the top navigation bar, click Services, and then select Security >Traffic Block Logging from the left navigation pane.

2. Click Enable Data Passthrough.

3. In the dialog box that opens, click OK.

Clear traffic block logs

1. On the top navigation bar, click Services, and then select Security >Traffic Block Logging from the left navigation pane.

2. Click Clear.

3. In the dialog box that opens, click OK.

Refresh traffic block logs

1. On the top navigation bar, click Services, and then select Security >Traffic Block Logging from the left navigation pane.

2. Click the  icon.

3. You can select a refresh interval on the right of the page.

Disable traffic block logging

1. On the top navigation bar, click Services, and then select Security >Traffic Block Logging from the left navigation pane.

2. Click Disable Traffic Block Logging.

Parameters

• Source IP: Source IP address of the blocked packet.

• Destination IP: Destination IP address of the blocked packet.

• Destination Port: Destination port of the blocked packet.

• Destination MAC: Destination MAC address of the blocked packet.

• Protocol: Protocol used by the blocked packet, which can be ARP, ICMP, ICMPv6, TCP, or UDP.

• Time: Time when the packet was blocked.

• Source MAC: Source MAC address of the blocked packet.

• Source Port: Source port of the blocked packet.

• Packet Size (bytes): Size of the blocked packet, in bytes.

• Matched Block Rule: Name of the ACL or vFirewall that matches the packet. A vFirewall name is prefixed with FW_.