Firewall Analyzer Troubleshooting

Updated 2 months ago by Andrew Hill

Below are the most common problems and troubleshooting tips for the Firewall Analyzer:

  1. Windows Firewall blocking incoming traffic on the machine
  2. Accidentally putting the Firewall's IP instead of the monitoring device's IP
  3. Not adding a syslog forwarding rule on the firewall to send the logs to the Firewall Analyzer (see step 6 in the configuration doc for details)
    1. By default, our filtering removes informational messages that do not require any action on your part. If you want to verify that everything works, try going to the configuration menu and changing the "Don't Report Events Lower Than This Priority" setting to Info.
      One exception is IP Reputation Lookup: traffic from malicious IPs will display even though it has an Info priority level.

      If you wish to block this traffic, use the Whitelist capabilities in the Review pane:
      select traffic --> click the "Action" button in the bottom right --> "Add to Whitelist"
  4. Windows Server 2019 sometimes experiences problems when used as the monitoring platform. Try a non-Server 2019 machine. If you would like updates on the status of Server 2019 support, let us know
  5. If you are experiencing problems with UDP or TCP, try switching to the other protocol
  6. If you are using a firewall that allows you to configure the severity level of syslog events being sent, set the severity to info
  7. Ensure your logs are being sent space-separated (not comma-separated)
  8. If needed, try restarting the agent
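To check items 6 and 7 against a captured log line, the following added example (not part of the Firewall Analyzer product) decodes the syslog severity and detects the field delimiter. It assumes the firewall sends a standard syslog `<PRI>` header followed by key=value fields; the function name and the sample lines are constructed for illustration.

```python
import re

# Syslog severity names in numeric order 0..7 (RFC 3164 / RFC 5424).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")
# key=value, where the value is either double-quoted or runs to the next space/comma.
PAIR_RE = re.compile(r'[\w.-]+=(?:"[^"]*"|[^\s,]+)')

# Constructed sample lines (documentation IP ranges), not real firewall output.
SAMPLE_LINES = [
    '<134>Jan 12 10:00:00 fw01 action=allow src=192.0.2.10 dst=198.51.100.7 msg="Connection, allowed"',
    '<132>Jan 12 10:00:01 fw01 action=deny,src=203.0.113.5,dst=198.51.100.7',
    'action=allow src=192.0.2.10',
]


def check_syslog_line(line):
    """Report the severity and key=value delimiter of one captured syslog line."""
    result = {"severity": None, "delimiter": "unknown", "problems": []}
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        # PRI = facility * 8 + severity, so severity is the remainder mod 8.
        result["severity"] = SEVERITIES[int(m.group(1)) % 8]
    else:
        result["problems"].append("no valid <PRI> header; severity cannot be determined")
    # Inspect the text between consecutive key=value pairs.
    pairs = list(PAIR_RE.finditer(line))
    gaps = [line[a.end():b.start()] for a, b in zip(pairs, pairs[1:])]
    if gaps:
        if any("," in g for g in gaps):
            result["delimiter"] = "comma"
            result["problems"].append("fields are comma-separated; send them space-separated")
        elif all(g.strip() == "" for g in gaps):
            result["delimiter"] = "space"
    return result


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(check_syslog_line(sample))
```
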

None of these fix your problem? Contact support via chat on our website or via email

