Protections

This window contains the list of the latest alarms or system events raised by the firewall. Some columns can be hidden by default.

Date

Date and time of the last alarms raised, arranged from the most recent to least recent.

Message

Comment associated with the selected alarm.

Examples of possible messages

“Invalid ICMP message (no TCP/UDP linked entry)” (minor priority).

“IP address spoofing (type=1)” (major priority).

Action

When an alarm is raised, the packet that set off the alarm will be subject to

the action configured. The actions are “Block” or “Pass”.

ID Unique alarm ID.
Class Class associated with the alarm.
Priority

3 levels of priority are possible and can be configured in the module Application Protection > Applications and Protections.

Source interface Interface on which packets that set off the alarm arrived
Source port Source port of packets that set off the alarm
Source

IP address that raised the alarm.

For the purpose of compliance with the European GDPR (General Data Protection Regulation), IP addresses are now replaced with the term "Anonymized". To view them, you will need to obtain the "Full access to logs (private data)" privilege by clicking on Logs: restricted access and refreshing the data in the widget.

Destination Port Destination port of packets that set off the alarm
Destination

Address of the destination host of the packet that set off the alarm.

Right-clicking on the line of an alarm or system event opens access to its configuration or help page:

Go to alarm configuration

This button shows the alarms in the Applications and Protections module. The Advanced column in the selected includes the Advanced options button, which makes it possible to send an e-mail when an alarm is raised, quarantining the host that caused the alarm to be raised or capturing the blocked packet.

Go to system event configuration

This button shows the system event in the Notifications > System events module.

The Advanced column in the selected row includes the Configurebutton, which makes it possible to send an e-mail when an alarm is raised, quarantining the host that caused the alarm to be raised or capturing the blocked packet.

Open help to see details on this alarm

Select the desired alarm and click on this link, which will take you to a help page relating to the message (see above).