XG Firewall

Suggest, discuss, and vote on new ideas for Sophos XG Firewall. The next thing in next-gen.

XG Log Viewer for WAF needs major improvement

We use XG for Web Server protection. The log viewer is really poor and, I strongly believe, does not provide a reasonable way to see clearly the traffic which is passing and the traffic which is failing.
I have raised #839149 in October 18. Despite responding that I need more information, all I get is:

"this behavior is already logged with DEV under ID NC-43502. There are certain messages that will be colored red in the log viewer, typically ones that originate from WAF itself, like a block action by CTF or AV. To see the detailed WAF Logs, you can use the advanced shell and have a look at /log/reverseproxy.log. Any changes to the coloring in the Logviewer will be decided by Product management. An additional feature request can be logged under ideas.sophos.com."

I do not receive information on progress, status, dates, or anything; nor even specifically 'what' is logged with development.

I am unclear whether that means I need to do this or not but regardless, herewith my requirement.

The log viewer appears to show Web Server Protection traffic as 'green' and without any obvious indication of failure, even though
a) it originates from IPs which are not permitted
b) the URL is pointing to folders which are not valid or permitted

Whatever the current logic which leads to the current approach, the following is my opinion: the current methods of displaying the log make it *immensely* awkward to know if WAF publications are being allowed through or not. We have business rules publishing to specified source IPs and WAF publishing selected paths. Surely this is something which should be visible.

The current logs DO NOT (as far as I am able to determine after a lot of working) make it apparent in any way whether traffic which should not be blocked… is being blocked – especially traffic originating from IP addresses which are *not* on the list.

So we see traffic hitting the WAF from unauthorised sources and it looks as though the traffic passes through.

Hardly reassuring.

I am not sure exactly how else to phrase my feature request, because it seems more a requirement to fix the product.

1 vote

Clive Crocker shared this idea