Syslog, flows and denied traffic, MX device

rockpaper
Here to help

Syslog, flows and denied traffic, MX device

Hello,

 

Would recording Flows in syslog do the below on an MX device?

 

we would like to see flows that do NOT match any inbound rules on our firewall.

For example, we have an FTP server with a Public IP address and a list of Allowed Remote IPs (client IP addresses)

We would like to see in syslog (or elsewhere) when traffic from the internet hits the firewall rule for the FTP server and is denied.

 

this is for both security and for diagnosing problems when a client cannot send files via FTP, for example, if they have provided the wrong IP address to allow

 

this is a basic function of every firewall I have used.

I have used Make a Wish.

 

thanks in advance,

rp

 

 

3 REPLIES 3
Karl
Here to help

Great Idea! Id also like to see this in future releases .

mtainio
Here to help

Isn't this more of an filtering case at the syslog servers end?

Or do you want to send only the denied events to the server?

Thanks for the reply.

I did not think the flows included firewall traffic, especially that if denied packets
If it does, then filtering syslog is an option

Of course, it would be good for the MX device to have better logging options.
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels