The Denied Packets report show information about all the incoming and outgoing packets that were denied access through the Firebox. This report also includes information about traffic denied for users who exceed the bandwidth and time quota settings on your device.
This report is available only if log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report , follow the steps to Enable Logging for this Report.
How to Use this Report
Use this report to see traffic blocked by the Firebox, by client IP address or user name. .
Here are some ways to use this report:
- Select the summary report to see a summary of denied packets for each client
- Select the detail report to see information about why the Firebox dropped traffic.
View the Report
This report is available in WatchGuard Cloud and in Dimension.
- Log in to WatchGuard Cloud.
- Select Monitor > Fireboxes.
The Device Manager page appears.
- From the Device Manager list, select a folder or a specific device.
- To select the report date range, click the Calendar .
- From the list of reports, select Device > Denied Packets.
The report appears.
- To see reports for your Fireboxes or FireClusters, select Home > Devices.
The Devices list appears.
To see reports for your groups of Fireboxes, select Home > Groups.
The Groups list appears.
- Select the Name of a Firebox, cluster, or group.
The Tools > Executive Dashboard page appears.
- Select the Reports tab.
- Select Device > Denied Packets.
The report appears.
You can use pivots to change the view of the data on the detail report.
To switch to a different view, select a pivot from the drop-down list above the report.
The detail report includes these pivots:
Denied Packets Detail
This is a detailed report of all the packets denied by your device, organized by detail.
Includes the time of the first action, the source and destination IP addresses, the number of attempts for each packet, the protocol and port, and the action.
Denied Packets by Client Detail
This is a detailed report of all the packets denied by your device, organized by client.
Includes the IP address of the client, the first and last date/time the packet was denied, the intended packet destination, the protocol and port , and the number of attempts for each packet.
To view a detailed report of denied packets, click the View Details link at the top of the summary report. Or, to go directly to the summary report, select Detail > Denied Packets.
Logging of denied packets is in enabled in policies by default.
If it is disabled, to enable it again:
- In packet filter policies, select the Send a log message for reports.
- In proxy policies, select Enable logging for reports.
For more information, see Set Logging and Notification Preferences.