Motorola SBG900 User Manual

34

SBG900 User Guide

Home

X

Exit

Print

Overview Installation Troubleshooting

Contact

FAQ

Specifications Glossary License

Configuration: Basic Gateway TCP/IP Wireless USB

Firewall > LOGS

Option

Description

Session Log

The Session Log shows data sessions that have occurred and tracked by the Firewall. To
enable logging of sessions, the Enable Session Log option must be selected in the Firewall
Logs Config Page. A firewall policy must be in effect for session events to be generated. If the
firewall policy is set to None then no new session entry will be generated.

The log entries correspond to data sessions that have occurred in the device that are
authorized by the normal firewall filters. Usually, this log shows the history of normal data
traffic. Though a session may be terminated early by the firewall due to policy or session
change, or if the session is later determined by the firewall to be an intrusion attack.

Blocking Log

The Blocking Log shows firewall blocking events. To enable logging of blocking events, the
Enable Blocking Log option must be selected in the Firewall Logs Config Page. A firewall
policy must be in effect for blocking events to be generated. If the firewall policy is set to None
then no new blocking entry will be generated.

The log entries correspond to firewall blocking events that occur when unauthorized inbound
or outbound data packets are detected. Unauthorized data packets are those that use
protocols and/or ports that are not explicitly allowed by the current firewall policy. In addition,
data packets that are determined to be invalid due to session time-outs or reassembly
time-outs are also blocked.

Intrusion Log

The Intrusion Log shows the intrusions attempts that have occurred and stopped by the
firewall. To enable logging of intrusion events, the Enable Intrusion Log option must be
selected in the Firewall Logs Config Page. A firewall policy must be in effect for intrusion
events to be generated. If the firewall policy is set to None then no new intrusion entry will be
generated.

The log entries correspond to intrusion attacks that have been detected and stopped by the
firewall. The firewall is capable of detecting several well-known intrusion tactics that is used to
attack a network device. This log is a history of those intrusion events.

Blacklist

The Blacklist Log shows the IP addresses that have been determined by the firewall to have
breached the firewall policy of the SBG. A firewall policy must be in effect for blacklist entries
to be generated. If the firewall policy is set to None then no new blacklist entry will be
generated.

Once an IP address has been blacklisted, the firewall will block all traffic to and from that IP
address for 24 hours or when the SBG is rebooted. The user can manually clear the blacklist
by pressing the Clear button on the Blacklist Page. Clearing the blacklist table also allows
normal traffic to flow between the SBG and the formerly blacklisted entries