Protections
This window contains the list of the latest alarms or system events raised by the firewall. Some columns can be hidden by default.
Date |
Date and time of the last alarms raised, arranged from the most recent to least recent. |
Message |
Comment associated with the selected alarm. Examples of possible messages“Invalid ICMP message (no TCP/UDP linked entry)” (minor priority). “IP address spoofing (type=1)” (major priority). |
Action |
When an alarm is raised, the packet that set off the alarm will be subject to the action configured. The actions are “Block” or “Pass”. |
ID | Unique alarm ID. |
Class | Class associated with the alarm. |
Priority |
3 levels of priority are possible and can be configured in the module Application Protection > Applications and Protections. |
Source interface | Interface on which packets that set off the alarm arrived |
Source port | Source port of packets that set off the alarm |
Source |
IP address that raised the alarm. For the purpose of compliance with the European GDPR (General Data Protection Regulation), IP addresses are now replaced with the term "Anonymized". To view them, you will need to obtain the "Full access to logs (private data)" privilege by clicking on Logs: restricted access and refreshing the data in the widget. |
Destination Port | Destination port of packets that set off the alarm |
Destination |
Address of the destination host of the packet that set off the alarm. |
Right-clicking on the line of an alarm or system event opens access to its configuration or help page:
Go to alarm configuration |
This button shows the alarms in the Applications and Protections module. The Advanced column in the selected includes the Advanced options button, which makes it possible to send an e-mail when an alarm is raised, quarantining the host that caused the alarm to be raised or capturing the blocked packet. |
Go to system event configuration |
This button shows the system event in the Notifications > System events module. The Advanced column in the selected row includes the Configurebutton, which makes it possible to send an e-mail when an alarm is raised, quarantining the host that caused the alarm to be raised or capturing the blocked packet. |
Open help to see details on this alarm |
Select the desired alarm and click on this link, which will take you to a help page relating to the message (see above). |