Monitoring the use of asynchronous reloading

In asynchronous reloading, when a filter policy is applied, some TCP/UDP connections may appear to have no filter or NAT rules. This is a transitional state. When a new packet is received or sent for the connection, the intrusion prevention system reassesses the connection against the active filter policy. If it is still allowed, it will be retained, and its filter and NAT rules are updated. Otherwise, the connection will be deleted.
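The transitional state described above can be made concrete with a small model. The following Python is an added example, not Stormshield code; the names `Connection`, `Rule`, `Policy` and `FirewallState` and the sample policies are constructed for illustration. It shows the key point: after an asynchronous reload, existing connections keep no rule binding until their next packet, at which point each is reassessed against the active policy and either re-bound to a rule or deleted, so a connection that the new policy no longer permits does not keep flowing.

```python
"""Toy model of asynchronous filter-policy reloading (added example, not
Stormshield code). All class names and sample data are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class Connection:
    proto: str
    src: str
    dst: str
    dport: int


@dataclass
class Rule:
    name: str
    match: Callable[[Connection], bool]
    action: str  # "pass" or "block"


@dataclass
class Policy:
    name: str
    rules: List[Rule]

    def evaluate(self, conn: Connection) -> Optional[Rule]:
        """First matching rule wins; no match means default deny."""
        for rule in self.rules:
            if rule.match(conn):
                return rule
        return None


@dataclass
class FirewallState:
    policy: Policy
    # connection -> bound rule name, or None while awaiting reassessment
    table: Dict[Connection, Optional[str]] = field(default_factory=dict)
    async_reload: bool = True

    def _bind(self, conn: Connection) -> bool:
        """Evaluate conn against the active policy; bind or delete it."""
        rule = self.policy.evaluate(conn)
        if rule is None or rule.action != "pass":
            self.table.pop(conn, None)
            return False
        self.table[conn] = rule.name
        return True

    def reload(self, new_policy: Policy) -> None:
        self.policy = new_policy
        if self.async_reload:
            # Transitional state: keep connections, drop their rule binding.
            for conn in self.table:
                self.table[conn] = None
        else:
            # Synchronous reload: reassess every connection immediately.
            for conn in list(self.table):
                self._bind(conn)

    def on_packet(self, conn: Connection) -> bool:
        """Return True if the packet may flow. Unbound connections are
        reassessed lazily on their next packet."""
        if conn not in self.table or self.table[conn] is None:
            return self._bind(conn)
        return True

    def pending(self) -> List[Connection]:
        """Connections still shown without rules, like the monitoring column."""
        return [c for c, r in self.table.items() if r is None]


def demo() -> dict:
    """Walk through a policy switch that revokes SSH but keeps HTTPS."""
    old = Policy("old", [Rule("allow-web", lambda c: c.dport in (80, 443), "pass"),
                         Rule("allow-ssh", lambda c: c.dport == 22, "pass")])
    new = Policy("new", [Rule("allow-web", lambda c: c.dport in (80, 443), "pass"),
                         Rule("deny-ssh", lambda c: c.dport == 22, "block")])
    fw = FirewallState(old)
    web = Connection("tcp", "10.0.0.5", "192.0.2.10", 443)   # constructed
    ssh = Connection("tcp", "10.0.0.5", "192.0.2.10", 22)    # constructed
    fw.on_packet(web)
    fw.on_packet(ssh)
    fw.reload(new)
    pending = len(fw.pending())          # both connections await reassessment
    web_ok = fw.on_packet(web)           # re-bound to allow-web
    ssh_ok = fw.on_packet(ssh)           # no longer permitted, deleted
    return {"pending_after_reload": pending, "web_ok": web_ok,
            "ssh_ok": ssh_ok, "remaining": len(fw.table)}


if __name__ == "__main__":
    print(demo())
```

Toggling `async_reload` to `False` shows the synchronous alternative, where the SSH connection is removed during `reload()` itself rather than on its next packet.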

This section describes the elements that can be monitored when asynchronous reloading is used.

Dashboard

When asynchronous reloading is enabled, an information message appears in the Messages widget of the Monitoring > Dashboard module.

Figure: Asynchronous reloading dashboard warning activated

SNS firewall audit logs

Go to Monitoring > Logs - Audit logs > System events:

  • A system event is displayed when asynchronous reloading is enabled or disabled.

  • The reloading message for a filter policy specifies the filter policy in question, the duration of the reload, and whether the reload occurred while asynchronous reloading was enabled (in which case it is tagged as an asynchronous reload) or disabled (in which case it is tagged only as a reload).

Figure: Filter policy reloading message with type and duration

Monitoring connections

In Monitoring > Monitoring > Connections, connections in asynchronous mode are tagged with the Asynchronous connection icon in the Asynchronous reload column.

Figure: Column dedicated to synchronizing asynchronous connections

You can choose to display only connections in asynchronous mode. To do so, click on Filter, then check the View all connections related to asynchronous reloading criterion.