Would recording Flows in syslog do the below on an MX device?
we would like to see flows that do NOT match any inbound rules on our firewall.
For example, we have an FTP server with a Public IP address and a list of Allowed Remote IPs (client IP addresses)
We would like to see in syslog (or elsewhere) when traffic from the internet hits the firewall rule for the FTP server and is denied.
this is for both security and for diagnosing problems when a client cannot send files via FTP, for example, if they have provided the wrong IP address to allow
this is a basic function of every firewall I have used.
I have used Make a Wish.
thanks in advance,
Isn't this more of an filtering case at the syslog servers end?
Or do you want to send only the denied events to the server?