Dave_Flink
New Member
January 25, 2021
Question

UTM Logs: Traffic vs Web Filter

  • January 25, 2021
  • 1 reply
  • 5634 views


Hi,


I am investigating UTM firewall logs and I see two different types of logs that I need to understand better.

I have drilled down to a specific domain and IP-address of interest.


- UTM: Web Filter logs domain information and the amount of bytes sent/received.
- Traffic: records traffic flow information such as HTTP/HTTPS request and response, and also stores bytes sent/received.


Are the logs related to each other or are they not related at all?

I see the number of connections between both types of logs is almost the same. But when I look at the total amount of bytes between both logs there is a huge difference (fields: rcvdbyte and sentbyte). The ports being used and looked at are only HTTP and HTTPS.

I hope somebody can shed some light on this.


Thank you in advance,

Dave


    Dave_Flink
    New Member
    January 31, 2021

    Anybody here who can assist with the question above?

    ede_pfau
    SuperUser
    January 31, 2021

    Hmm, I suspect you see higher numbers in the traffic logs.

    Webfilter (WF) is content inspection for HTTP only. Depending on the settings, all or only some traffic might be logged according to matching categories. Even with all categories on Monitor, there is web traffic not matching any of these. You may or may not block this 'unmatched' traffic in the WF.

    Does this correspond to what you are seeing?
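
To check the explanation above against your own export, here is an added example (not code from the thread, from Fortinet, or from either poster) that parses FortiGate-style key=value log lines, totals sentbyte/rcvdbyte per hostname separately for traffic records and web-filter records, and lists the HTTP/HTTPS sessions that have a traffic record but no web-filter record. Those unmatched sessions are exactly the "traffic the WF never logged" that would account for a byte gap. The log lines below are constructed, the field names (type, subtype, sessionid, srcip, dstip, dstport, hostname, sentbyte, rcvdbyte, catdesc) follow the FortiGate log format, and every value is made up for illustration.

```python
"""Compare FortiGate traffic-log byte counts with web-filter (UTM) byte counts.

Added example; not from the forum thread. The sample lines are constructed in
the FortiGate key=value syntax with made-up values.
"""
import re
from collections import defaultdict

# Constructed sample: three HTTPS sessions to one host. Sessions 1001 and 1002
# matched a web-filter category and produced a UTM record; 1003 did not.
SAMPLE_LOGS = """\
type="traffic" subtype="forward" sessionid=1001 srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 hostname="example.test" sentbyte=2048 rcvdbyte=98304
type="traffic" subtype="forward" sessionid=1002 srcip=10.0.0.6 dstip=203.0.113.10 dstport=443 hostname="example.test" sentbyte=1024 rcvdbyte=40960
type="traffic" subtype="forward" sessionid=1003 srcip=10.0.0.7 dstip=203.0.113.10 dstport=443 hostname="example.test" sentbyte=512 rcvdbyte=8192
type="utm" subtype="webfilter" sessionid=1001 srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 hostname="example.test" url="/" sentbyte=600 rcvdbyte=12000 catdesc="Information Technology"
type="utm" subtype="webfilter" sessionid=1002 srcip=10.0.0.6 dstip=203.0.113.10 dstport=443 hostname="example.test" url="/login" sentbyte=300 rcvdbyte=5000 catdesc="Information Technology"
"""

# key=value pairs; quoted values may contain spaces (e.g. catdesc="Information Technology")
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

WEB_PORTS = ("80", "443")


def parse_line(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    rec = {}
    for key, val in KV_RE.findall(line):
        if val.startswith('"') and val.endswith('"'):
            val = val[1:-1]
        rec[key] = val
    return rec


def parse_logs(text):
    """Parse a block of log lines, skipping blank ones."""
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def log_bucket(rec):
    """Classify a record as 'traffic', 'webfilter', or None for anything else."""
    if rec.get("type") == "traffic":
        return "traffic"
    if rec.get("type") == "utm" and rec.get("subtype") == "webfilter":
        return "webfilter"
    return None


def summarize(records, key="hostname"):
    """Per key (default hostname): sentbyte, rcvdbyte and record count for each bucket."""
    totals = defaultdict(lambda: {
        "traffic": {"sentbyte": 0, "rcvdbyte": 0, "records": 0},
        "webfilter": {"sentbyte": 0, "rcvdbyte": 0, "records": 0},
    })
    for rec in records:
        bucket = log_bucket(rec)
        if bucket is None:
            continue
        agg = totals[rec.get(key, "?")][bucket]
        agg["sentbyte"] += int(rec.get("sentbyte", 0))
        agg["rcvdbyte"] += int(rec.get("rcvdbyte", 0))
        agg["records"] += 1
    return dict(totals)


def unmatched_sessions(records):
    """Web sessions (port 80/443) present in traffic logs but absent from web-filter logs."""
    traffic_ids = {r["sessionid"] for r in records
                   if log_bucket(r) == "traffic" and r.get("dstport") in WEB_PORTS}
    wf_ids = {r["sessionid"] for r in records if log_bucket(r) == "webfilter"}
    return sorted(traffic_ids - wf_ids)


if __name__ == "__main__":
    recs = parse_logs(SAMPLE_LOGS)
    for host, buckets in summarize(recs).items():
        t, w = buckets["traffic"], buckets["webfilter"]
        print(f"{host}: traffic {t['records']} recs {t['sentbyte']}/{t['rcvdbyte']} B, "
              f"webfilter {w['records']} recs {w['sentbyte']}/{w['rcvdbyte']} B")
    print("sessions with no web-filter record:", unmatched_sessions(recs))
```

Run it against a real export by replacing SAMPLE_LOGS with the file contents; joining on sessionid rather than on hostname alone is what tells you whether the gap comes from sessions the web filter never saw (the answer's hypothesis) or from per-session byte counts that simply differ between the two log types.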

    Dave_Flink
    New Member
    January 31, 2021

    Ah, that might answer my question; at least it makes a lot of sense. I did not configure the firewall, so I will verify this next week.

    Thank you for your swift answer!