Forum Discussion

Oly_r
Feb 06, 2023
Solved

AFM not logging firewall rules

We have a lab setup that has an F5 i5800 running 14.1.5.1 working as a load balancer for DNS queries to multiple servers. I have been trying to get logs of the rule that drops all non-DNS queries and have not gotten a single entry. The count shows over 800, so there should be something there.

What I've done:
1. Created rules in Policy called DNS-Only with logging on for DropALL (last rule) and TCP-IN.

2. Enabled DNS-Only under Global.

3. Created Logging Profile DNS-Only-AFM-Log with Network Firewall enabled, set the Publisher to local-db-publisher and checked Accept, Drop, Reject in Log Rule Matches.

4. Enabled IP Intelligence, Traffic Statistics and Port Misuse to the same publisher (this was done after not getting any response with them set to Publisher NONE).

5. Went into the Virtual Servers, enabled Network Firewall selecting the DNS-Only policy, then enabled the Log Profile selecting DNS-Only-AFM-Log.

I then ran traffic through and watched the count going up on the TCP-IN and DropALL rules. BUT NOTHING shows in Event Logs > Network Firewall. What am I missing?

Thanks for any help.