cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
kdevmu
Level 7
Report Inappropriate Content
Message 1 of 2

Determine action of SonicWALL logs

Can anyone help me to understand why we get fw_action="NA" in SonicWALL syslogs? I have TZ 600 and more than 70% Syslog messages have fw_action="NA". So I am unable to determine action on that traffic whether its allowed/denied?

Sample log:

id=firewall sn=XXXXX time="2017-08-17 13:33:40 UTC" fw=X.X.X.X pri=6 c=1024 m=97 app=9 n=1393310 src=172.27.17.2:53167:X0 dst=206.125.47.13:80:X1 srcMac=X.X.X.X dstMac=X.X.X.X proto=tcp/http op=1 sent=675 rcvd=7419 dstname=cb.iphantom.com arg=/block/restricted.html?fn=Default&fp=1&ip=172.27.17.2&ibip=172.27.16.3&ldu=0&re=1&bu=dsum.casalemedia.com/rum&bc code=15 Category="Business and Economy" rule="3 (LAN->WAN)" fw_action="NA"

1 Reply
Reliable Contributor sssyyy
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: Determine action of SonicWALL logs

Maybe it doesn't need to take any actions? This should be a FW vendor/person question.

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community