cancel
Showing results for 
Search instead for 
Did you mean: 

There is no firewall events in the epo threat event log

Jump to solution

how can I get firewall events in the threat event log? we have got ips events, but not the firewall. For example we do not allow remote desktop (rdp 3389) but there is no event for that if someone tries to use rdp!

1 Solution

Accepted Solutions

Re: There is no firewall events in the epo threat event log

Jump to solution

Firewall events can be logged and queried in ePO. When you create a block rule in the firewall, however, you have to mark the box that says 'treat match as intrusion'. At least this is so in HIPs 7.. not sure about 8. I have verified this with testing recently.

4 Replies

Re: There is no firewall events in the epo threat event log

Jump to solution

Have you looked under Menu - Configuration - Server Settings - Event Filtering?

You may need to checkmark event 1096 - Port blocking rule detected and NOT blocked.

Re: There is no firewall events in the epo threat event log

Jump to solution

Al,

The fire wall is not a loggable event.  Only IPs evtents are loged.  Fire walls are loged on the clients only...

Regards,

Fichael

Re: There is no firewall events in the epo threat event log

Jump to solution

Is the firewall enabled?

Capture.PNG

Re: There is no firewall events in the epo threat event log

Jump to solution

Firewall events can be logged and queried in ePO. When you create a block rule in the firewall, however, you have to mark the box that says 'treat match as intrusion'. At least this is so in HIPs 7.. not sure about 8. I have verified this with testing recently.