cancel
Showing results for 
Search instead for 
Did you mean: 

Too much firewall blocked traffic

we have Too much firewall blocked udp traffic almost every second from different sources such dhcp traffic, icmpv6 , and multicast. does this have affect on the hard disk? does it harm the hard disk? does it write the blocked traffic to the hard disk every second?

this is one example

4 Replies
jj4sec
Level 10
Report Inappropriate Content
Message 2 of 5

Re: Too much firewall blocked traffic

you could create a block rule but not log it

Re: Too much firewall blocked traffic

I do not think you can do it. if you block a thing it must appear on the blocked traffic

Highlighted

Re: Too much firewall blocked traffic

Ever got an answer or any luck with this?

trying also (without much success) to block and *NOT LOG* this traffic, and other network discoveries related ports which I don't think they have any "added value" on an entreprise network

We don't want to log know any of this block traffic as we are always getting calls when people get anything red and thinking this must be related to their problems....

These are the ports related to Network Discovery as per technet blog I am trying to block and not log..my rule trigger but even though I select to NOT log..it seem it log anyway.

  • TCP 2869 - UPNP
  • TCP 5357 - WSDAPIEvents
  • TCP 5358 - WSDEvents Secure
  • UDP 5355 - LLMNR
  • UPD 3702 - WSD publishing
  • UDP 1900 - SSDP

ref : http://blogs.technet.com/b/networking/archive/2010/12/06/disabling-network-discovery-network-resourc...

McAfee Employee ktankink
McAfee Employee
Report Inappropriate Content
Message 5 of 5

Re: Too much firewall blocked traffic

This HIPS Activity log data is being written to the EVENT.LOG file; it should have no effect on the hard disk (it's normal log writing).

You cannot force Firewall traffic to NOT be logged to the Activity log, unless you disable the LOG ALL BLOCKED/ALLOWED traffic filter option in the HIPS ClientUI Activity log menu.  This will cause all blocked/allowed traffic to NOT be written to the Activity log, unless you have the LOG MATCHING TRAFFIC option in a firewall rule.

The LOG MATCHING TRAFFIC option in the Firewall rule will only force logging ON for network traffic matching the rule, in the event that the LOG ALL BLOCKED/ALLOWED traffic filters are disabled (these options are configurable by any user; not ePO policy-configurable). 

Leaving the LOG MATCHING TRAFFIC option off does not force logging OFF for the network traffic matching the rule (it can still be shown in the Activity log if LOG ALL BLOCKED/ALLOWED is enabled).

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community