Logged Events Appear Reversed
The source and destination information that the UTM unit logs in the
syslog data for services including antivirus and intrusion detection
may be misleading. The logged message may seem to indicate the opposite
direction from the one in which the virus or exploit was detected.

For example, consider the log for an event in which a client PC on the
internal network accesses the Internet and downloads a virus-infected file
via HTTP. The infected file came from the Internet, arriving on
the UTM unit's external interface, and went to the client PC on the internal
interface. The log output may appear to show the opposite.

The logging appears reversed because the Internal -> External
Firewall Policy protected this session, and the session
was established in that direction. Therefore the UTM logs the
session in the Internal -> External format, even though the file
was coming in the opposite direction.
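
When triaging these events, it helps to treat the logged source and destination as session roles and to identify the internal host by address range rather than by the src/dst label. The following is an added example, not code or log output from the UTM or its vendor; the key=value log layout, the field names, the addresses and `INTERNAL_NETS` are all constructed assumptions.

```python
import ipaddress
import re

# Assumption: the site's internal address ranges (constructed for this example).
INTERNAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]

# Constructed sample lines in a generic key=value layout; NOT the UTM's real syslog format.
SAMPLE_LOGS = [
    'service=antivirus policy="Internal->External" src=192.168.1.25 dst=203.0.113.80 proto=http msg="virus detected"',
    'service=ids policy="Internal->External" src=192.168.1.40 dst=198.51.100.7 proto=http msg="exploit detected"',
    'service=firewall policy="Internal->External" src=192.168.1.25 dst=203.0.113.80 proto=http msg="session allowed"',
]

# Services whose events describe inspected content rather than the session itself.
INSPECTION_SERVICES = {"antivirus", "ids"}
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse(line):
    """Split a key=value log line into a dict, dropping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV.findall(line)}


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def annotate(line):
    """Relabel src/dst as session roles; return None for non-inspection events."""
    event = parse(line)
    if event.get("service") not in INSPECTION_SERVICES:
        return None
    # src/dst follow the policy direction (who opened the session),
    # not the direction in which the flagged content travelled.
    endpoints = (event["src"], event["dst"])
    return {
        "service": event["service"],
        "session_initiator": event["src"],
        "session_responder": event["dst"],
        "internal_hosts": [a for a in endpoints if is_internal(a)],
        "external_hosts": [a for a in endpoints if not is_internal(a)],
        "msg": event["msg"],
    }


if __name__ == "__main__":
    for log_line in SAMPLE_LOGS:
        result = annotate(log_line)
        if result:
            print(result)
```

The output deliberately does not claim which endpoint sent the flagged content, because the session direction alone does not establish that.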