Can't see blocked IP and FQDN Logs on deny policies

Question

Hi Folks!

Hope you are all doing well, I am new to the firewall role. I would like to ask why I cant see any denied logs related on our block list policy. we have this group for IP address and full qualified domain, we plae any malicious object from this group. but as I checked, It has block other IP address that are not included on the repository. and the IP address that are on the group are not is it because the user are not accessing this IP or I cant see it because of the 7 days log retention. I would appreciate your insights on this Also here is the policy (Version 7.2.8)

Name	From	To	Source	Destination	Schedule	Service	Action	Log
Block Inbound Traffic	any	any	Group of Malicious IP and FQDN detected from Qradar	all	always	ALL	DENY	Enabled
Block Outbound Traffic	any	any	all	Group of Malicious IP and FQDN detected from Qradar	always	ALL	DENY	Enabled

AEK · Accepted Answer

Hello BenIf you the logging is enabled in the rules and you don't see any logs then no traffic is matching those rules. In other words all the requested traffic has been allowed so far.On the other hand if you need to set the log retention for more than 7 days then you need to do it via CLI.config log disk setting    set maximum-log-age 60end

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded