Allow packets not shown in trafficmonitor
Hi..
We have a xtm330 with fireware 12.3. We have been troubleshooting some sip traffic so I have added so that allowed traffic also is logged in the policy but it does not write anything to trafficmonitor. If I disable the policy it starts writing out that the traffic is denied...
What can be the cause to this?
0
Sign In to comment.
Comments
Are you looking for the SIP traffic or the RTP stream packets? You will probably need to start an actual packet capture vs. using the logging.
Normally only the 1st UDP packet of a session is logged, and not all TCP packets are logged either.
You can do a packet capture on the firewall using TCP DUMP.
FSM:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/log_message_learn_more_wsm.html
Web UI:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/system_status/stats_diagnostics_tasks_web.html
Hi.
Thank you for your responses!
Will try to do a packet capture