1 Reply Latest reply on Aug 17, 2017 5:43 PM by sssyyy

    Determine action of SonicWALL logs

    kdevmu

      Can anyone help me to understand why we get fw_action="NA" in SonicWALL syslogs? I have TZ 600 and more than 70% Syslog messages have fw_action="NA". So I am unable to determine action on that traffic whether its allowed/denied?

       

      Sample log:

       

      id=firewall sn=XXXXX time="2017-08-17 13:33:40 UTC" fw=X.X.X.X pri=6 c=1024 m=97 app=9 n=1393310 src=172.27.17.2:53167:X0 dst=206.125.47.13:80:X1 srcMac=X.X.X.X dstMac=X.X.X.X proto=tcp/http op=1 sent=675 rcvd=7419 dstname=cb.iphantom.com arg=/block/restricted.html?fn=Default&fp=1&ip=172.27.17.2&ibip=172.27.16.3&ldu= 0&re=1&bu=dsum.casalemedia.com/rum&bc code=15 Category="Business and Economy" rule="3 (LAN->WAN)" fw_action="NA"