Forum Discussion
Disable Firewall Event Logging for Traffic on a Forwarding Virtual Server.
I have a Forwarding (IP) virtual server, with SNAT Automap. Allowed sources is set to 172.16.0.0/16, and destination is 10.0.0.0/8. The Big-IP has AFM enabled (default deny), with a global policy, but no security policy on this virtual server.
In spite of that, the event logs (Security -> Event Logs -> Network -> Firewall) show many entries for traffic forwarding through this VS. The context is shown as "Virtual Server" and the "Policy Type" and "Policy Name" fields are empty. The majority of these entries are for clients hitting a particular server and port, which I specifically don't want to log, due to the volume.
Problem is, I can't find what setting is actually causing them to be logged in the first place. Can anyone shed light on this?
I already have a global-policy rule that allows 172.16.0.0/16 to that server and port without logging, but this doesn't stop the log entries in the virtual server context.
I temporarily added a security policy to the VS, with a similar rule to the one in the global policy, but that also failed to stop these entries appearing.
The virtual server has the default fastL4 profile, and no logging parameters that I can see.
Other modules enabled: LTM, GTM, ASM, APM.
- IRONMANCirrostratus
Hi James,
Your firewall rule action should access decisively. if it is accept only, it will go for virtual server.
- GymCirrus
Thanks Richard, but as I said:
"I already have a global-policy rule that allows 172.16.0.0/16 to that server and port without logging, but this doesn't stop the log entries in the virtual server context.
"I temporarily added a security policy to the VS, with a similar rule to the one in the global policy, but that also failed to stop these entries appearing."
- Richard_KaronEmployee
Firewall logging is normally configure on a virtual under:
Local Traffic ›› Virtual Servers : Virtual Server List ›› <virtual server>
Select Security Tab:
Look under Log Profile for any profiles configured.
Then go to
Security ›› Event Logs : Logging Profiles
and click on the matching profile
Logging configuration is under the Network Firewall Enabled checkbox tab
Individual decisions on logging can be made for each created rule.
Security ›› Network Firewall : Policies ›› <rulename>
See the Logging state
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com