Motorola SBG-940 User Guide - Page 45

Overview Installation Troubleshooting Contact FAQ Specifications Glossary License Configuration: Basic Gateway TCP/IP Wireless USB Firewall > LOGS Page You can use this page to set which firewall events are logged. Firewall > LOGS page fields Field or Button Description Enable Session Log Enable Blocking Log Enable Intrusion Log Apply Select this box to log every data session from the private LAN that was authorized by the SBG940 firewall. Usually, the session log displays a history of normal data traffic. It also lists the start of sessions the firewall terminated because: • The policy was changed • They were eventually determined to be an intrusion or attack To display the session log, click session. Select this box to log inbound and outbound packets that the SBG940 firewall: • Does not allow to pass because they use protocols and/or ports not explicitly allowed by the active policy • Determines to be invalid because of a session or reassembly timeout To display the blocking log, click blocking. Select this box to log attacks using common network intrusion tactics that the SBG940 firewall detects and stops. To display the intrusion log, click intrusion. Click to apply your changes. If you enable the firewall, the blacklist log is always generated. Any IP address the firewall determines to have breached the active policy is added to the blacklist log. To view the blacklist log, click blacklist. The firewall blocks all traffic to and from a blacklisted IP address for 24 hours or until you reboot the SBG940 or manually clear the blacklist by clicking Clear on the Firewall > LOGS - blacklist page. SBG940 User Guide 37