Manuals / Motorola / Computer Equipment / Modem

Motorola SBG900 Firewall LOGS, Option, Description, Session Log, Blocking Log, Intrusion Log

Models: SBG900

1 130
Download 130 pages 40.66 Kb
Page 40
Image 40
Firewall > LOGS

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License

Configuration: OptionSession LogBasic Blocking Log Gateway TCP/IP Wireless USB

Firewall > LOGS

 

Option

Description

Session Log

The Session Log shows data sessions that have occurred and tracked by the Firewall. To

 

enable logging of sessions, the Enable Session Log option must be selected in the Firewall

 

Logs Config Page. A firewall policy must be in effect for session events to be generated. If the

 

firewall policy is set to None then no new session entry will be generated.

 

The log entries correspond to data sessions that have occurred in the device that are

 

authorized by the normal firewall filters. Usually, this log shows the history of normal data

 

traffic. Though a session may be terminated early by the firewall due to policy or session

 

change, or if the session is later determined by the firewall to be an intrusion attack.

Blocking Log

The Blocking Log shows firewall blocking events. To enable logging of blocking events, the

 

Enable Blocking Log option must be selected in the Firewall Logs Config Page. A firewall

 

policy must be in effect for blocking events to be generated. If the firewall policy is set to None

 

then no new blocking entry will be generated.

 

The log entries correspond to firewall blocking events that occur when unauthorized inbound

 

or outbound data packets are detected. Unauthorized data packets are those that use

 

protocols and/or ports that are not explicitly allowed by the current firewall policy. In addition,

 

data packets that are determined to be invalid due to session time-outs or reassembly

 

time-outs are also blocked.

Intrusion Log

The Intrusion Log shows the intrusions attempts that have occurred and stopped by the

 

firewall. To enable logging of intrusion events, the Enable Intrusion Log option must be

 

selected in the Firewall Logs Config Page. A firewall policy must be in effect for intrusion

 

events to be generated. If the firewall policy is set to None then no new intrusion entry will be

 

generated.

 

The log entries correspond to intrusion attacks that have been detected and stopped by the

 

firewall. The firewall is capable of detecting several well-known intrusion tactics that is used to

 

attack a network device. This log is a history of those intrusion events.

Blacklist

The Blacklist Log shows the IP addresses that have been determined by the firewall to have

 

breached the firewall policy of the SBG. A firewall policy must be in effect for blacklist entries

 

to be generated. If the firewall policy is set to None then no new blacklist entry will be

 

generated.

 

Once an IP address has been blacklisted, the firewall will block all traffic to and from that IP

 

address for 24 hours or when the SBG is rebooted. The user can manually clear the blacklist

 

by pressing the Clear button on the Blacklist Page. Clearing the blacklist table also allows

 

normal traffic to flow between the SBG and the formerly blacklisted entries

X

34

SBG900 User Guide

Home Print Exit

Page 39 Page 41
Page 40
Image 40
Motorola SBG900 Firewall LOGS, Option, Description, Session Log, Blocking Log, Intrusion Log, Blacklist, Home Print Exit
Page 39 Page 41