4 Replies Latest reply on Feb 25, 2015 12:21 PM by Kary Tankink

    Too much firewall blocked traffic

    alhaawi

      We have too much firewall-blocked UDP traffic almost every second from different sources such as DHCP traffic, ICMPv6, and multicast. Does this have an effect on the hard disk? Does it harm the hard disk? Does it write the blocked traffic to the hard disk every second?

      this is one example

       

        • 1. Re: Too much firewall blocked traffic
          jj4sec

          You could create a block rule but not log it.

          • 2. Re: Too much firewall blocked traffic
            alhaawi

            I do not think you can do it. If you block a thing, it must appear in the blocked traffic.

            • 3. Re: Too much firewall blocked traffic
              dukebox

              Ever got an answer or any luck with this?

               

              Also trying (without much success) to block and *NOT LOG* this traffic, and other Network Discovery related ports, which I don't think have any "added value" on an enterprise network.

              We don't want to log any of this blocked traffic, as we are always getting calls when people see anything red and think this must be related to their problems....

               

              These are the ports related to Network Discovery, as per the TechNet blog, that I am trying to block and not log. My rule triggers, but even though I select to NOT log, it seems it logs anyway.

               

              • TCP 2869 - UPNP
              • TCP 5357 - WSDAPIEvents
              • TCP 5358 - WSDEvents Secure
              • UDP 5355 - LLMNR
              • UDP 3702 - WSD publishing
              • UDP 1900 - SSDP

               

              ref: http://blogs.technet.com/b/networking/archive/2010/12/06/disabling-network-discovery-network-resources.aspx

              • 4. Re: Too much firewall blocked traffic
                Kary Tankink

                This HIPS Activity log data is being written to the EVENT.LOG file; it should have no effect on the hard disk (it's normal log writing).

                 

                You cannot force Firewall traffic to NOT be logged to the Activity log, unless you disable the LOG ALL BLOCKED/ALLOWED traffic filter option in the HIPS ClientUI Activity log menu.  This will cause all blocked/allowed traffic to NOT be written to the Activity log, unless you have the LOG MATCHING TRAFFIC option in a firewall rule.

                 

                The LOG MATCHING TRAFFIC option in the Firewall rule will only force logging ON for network traffic matching the rule, in the event that the LOG ALL BLOCKED/ALLOWED traffic filters are disabled (these options are configurable by any user; not ePO policy-configurable). 

                 

                Leaving the LOG MATCHING TRAFFIC option off does not force logging OFF for the network traffic matching the rule (it can still be shown in the Activity log if LOG ALL BLOCKED/ALLOWED is enabled).