Firewall Analyzer Troubleshooting

The most common problems and troubleshooting tips for the Firewall Analyzer

Common Problems

  1. Windows Firewall blocking incoming traffic on the machine
  2. Accidentally entering the firewall's IP instead of the monitoring device's IP
  3. Not adding a syslog forwarding rule on the firewall to send the logs to the Firewall Analyzer App
  4. By default, our filtering removes informational messages that do not require any action on your part. If you want to verify that everything works, go to the configuration menu and change the "Don't Report Events Lower Than This Priority" setting to Info.
    1. You should receive an app result in the RocketCyber dashboard that says "connected" when firewall data is successfully reaching the app.
  5. Windows Server 2019 sometimes experiences problems when used as the monitoring platform. Try a non-Server 2019 machine. If you would like updates on the status of Server 2019 support, let us know.
  6. If you are experiencing problems with one transport protocol (UDP or TCP), try the other
  7. If you are using a firewall that allows you to configure the severity level of syslog events being sent, set severity to info
  8. Ensure your logs are being sent space-separated (not comma-separated)
    1. This does not apply to formats such as Barracuda which do not use standard formats (e.g. Barracuda logs are pipe-separated)
  9. If needed, try restarting the agent
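The checklist above can be exercised with a small script. This is an added example, not RocketCyber code: it builds a space-separated, info-severity test line, sends it over UDP or TCP to the monitoring device, and checks a captured line for the severity and separator problems in items 4, 7 and 8. The function names, sample field names, documentation-range IPs and the separator heuristic are assumptions, and the listening port must be taken from your own app configuration.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def build_test_message(host="fw-test", severity=6, facility=16):
    """Minimal space-separated key=value line; PRI = facility * 8 + severity."""
    return (f"<{facility * 8 + severity}>{host} src=192.0.2.10 dst=198.51.100.7 "
            "proto=tcp action=allow msg=connectivity-test")

def send_test(collector_ip, port, proto="udp"):
    """Send one test line to the monitoring device (not the firewall's own IP)."""
    data = build_test_message().encode()
    if proto == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.sendto(data, (collector_ip, port))
    else:  # TCP syslog is commonly newline-framed
        with socket.create_connection((collector_ip, port), timeout=5) as s:
            s.sendall(data + b"\n")

def check_line(line):
    """Return (severity_name, separator, findings) for one captured syslog line."""
    findings = []
    severity = None
    m = PRI_RE.match(line)
    if m and int(m.group(1)) <= 191:
        severity = SEVERITIES[int(m.group(1)) & 7]  # low 3 bits of PRI
        if severity == "info":
            findings.append("hidden unless the priority threshold is set to Info")
    else:
        findings.append("no valid <PRI> header; severity cannot be determined")
    body = PRI_RE.sub("", line)
    # Heuristic (assumption): what character ends each key=value pair?
    commas = len(re.findall(r"=[^,\s]*,", body))
    spaces = len(re.findall(r"=[^,\s]*\s", body))
    if body.count("|") >= 3:
        sep = "pipe"  # vendor-specific formats are exempt from the space rule
    elif commas > spaces:
        sep = "comma"
        findings.append("fields are comma-separated; configure space-separated output")
    else:
        sep = "space"
    return severity, sep, findings

if __name__ == "__main__":
    # Constructed sample: the kind of comma-separated line item 8 warns about.
    print(check_line("<134>fw1 src=192.0.2.10,dst=198.51.100.7,action=allow"))
```

Run `send_test` from any host that can reach the monitoring device, once with "udp" and once with "tcp", to see which transport gets through the Windows Firewall.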

One exception to priority level filtering is IP Reputation Lookup. Traffic from malicious IPs will display even though it has an Info priority level.

If you wish to block this traffic, use the Whitelist capabilities in the Review pane:

  1. Select the traffic you wish to whitelist
  2. Click Action, then Add to Whitelist, in the bottom right of the page

 

If you have any questions about the Firewall Log Analyzer not covered here, feel free to contact support by email or via chat on our website.