Logging question
-
Hi,
I have 2 Netgate firewalls, an SG-2440 and an SG-1100. Both are up-to-date running 2.4.4-RELEASE-p3. Both are configured for remote syslog, where the logs are being received properly. I have recently factory reset and reconfigured both firewalls, for IPv4 traffic only. The SG-2440 is acting as expected, and the filterlog only shows messages pertaining to IPv4. The SG-1100, however, shows a tonne of IPv6 messages, in one of 2 recurring formats. The first are UDP messages from an internal (fe80::) to the IPv6 multicast address (ff02::fb) on port 3702. The second messages are also UDP, but on port 5353. These are all mDNS-related messages, either WS-Discovery or Avahi/Bonjour, etc.
What I am trying to figure out is why the SG-2440 does not show IPv6 traffic in the syslog, but the SG-1100 does. I have reconfigured them using the same process. My goal is to limit the SG-1100 to IPv4 messages only, as my ISP drops all IPv6 traffic at their end.
Any suggestions on where I can look to track down what is causing the logging difference?
-
If they are at two sites there may not be any v6 traffic hitting the 2440 to log.
If you just want to stop it logging you can create a block IPv6 firewall rule with logging disabled and it will block it before it hits the default block rule.
Steve
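Before adding the non-logging block rule, it helps to measure how much of the SG-1100's syslog feed is this multicast discovery chatter, so the rule can be scoped to exactly that and the rest of the IPv6 log stays visible. The script below is an added example, not code from the thread or from Netgate: it parses the raw pfSense filterlog CSV format (fields as documented for filterlog, assumed here for ip-version 4 and 6 with UDP/TCP trailers) and counts link-local-to-multicast mDNS (5353) and WS-Discovery (3702) entries separately from other IPv6 and IPv4 hits. The sample syslog lines, hostname, interface name and addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample of what the remote syslog server might receive from the
# SG-1100 (hostname, interface "igb1", tracker id and addresses are made up).
SAMPLE_LINES = [
    "Jul 10 12:00:01 sg1100 filterlog: 5,,,1000000103,igb1,match,block,in,6,0x00,0x00000,1,udp,17,158,fe80::1c2d:3e4f:5a6b:7c8d,ff02::fb,5353,5353,138",
    "Jul 10 12:00:02 sg1100 filterlog: 5,,,1000000103,igb1,match,block,in,6,0x00,0x00000,1,udp,17,713,fe80::aabb:ccdd:eeff:11,ff02::fb,60432,3702,693",
    "Jul 10 12:00:03 sg1100 filterlog: 5,,,1000000103,igb1,match,block,in,4,0x0,,64,12345,0,DF,17,udp,78,192.168.1.23,192.168.1.254,51515,53,58",
    "Jul 10 12:00:04 sg1100 filterlog: 5,,,1000000103,igb1,match,block,in,6,0x00,0x00000,1,udp,17,158,fe80::1c2d:3e4f:5a6b:7c8d,ff02::fb,5353,5353,138",
]

# Destination ports of the two discovery protocols named in the thread.
DISCOVERY_PORTS = {5353: "mDNS", 3702: "WS-Discovery"}

FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?: (?P<csv>.*)$")


def parse_filterlog(line):
    """Return a dict for one pfSense filterlog syslog line, or None if it is not one.

    Common prefix: rule,sub-rule,anchor,tracker,interface,reason,action,direction,ip-version
    IPv6 body:     class,flow-label,hop-limit,proto-name,proto-id,length,src,dst,[ports...]
    IPv4 body:     tos,ecn,ttl,id,offset,flags,proto-id,proto-name,length,src,dst,[ports...]
    """
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 9:
        return None
    entry = {
        "interface": f[4],
        "action": f[6],
        "direction": f[7],
        "ip_version": int(f[8]),
    }
    if entry["ip_version"] == 6:
        entry["proto"] = f[12]
        entry["src"], entry["dst"] = f[15], f[16]
        rest = f[17:]
    else:
        entry["proto"] = f[16]
        entry["src"], entry["dst"] = f[18], f[19]
        rest = f[20:]
    # UDP and TCP carry source port, destination port next; other protocols do not.
    if entry["proto"] in ("udp", "tcp") and len(rest) >= 2:
        entry["sport"], entry["dport"] = int(rest[0]), int(rest[1])
    else:
        entry["sport"] = entry["dport"] = None
    return entry


def classify(entry):
    """Label link-local IPv6 UDP to a link-scope multicast group on a discovery port."""
    if (
        entry["ip_version"] == 6
        and entry["proto"] == "udp"
        and entry["src"].lower().startswith("fe80:")
        and entry["dst"].lower().startswith("ff02:")
        and entry["dport"] in DISCOVERY_PORTS
    ):
        return DISCOVERY_PORTS[entry["dport"]]
    return None


def summarize(lines):
    """Count log entries by category so the noise share is visible before tuning rules."""
    counts = Counter()
    for line in lines:
        entry = parse_filterlog(line)
        if entry is None:
            continue
        label = classify(entry)
        if label is None:
            label = "ipv6-other" if entry["ip_version"] == 6 else "ipv4"
        counts[label] += 1
    return counts


if __name__ == "__main__":
    for label, n in summarize(SAMPLE_LINES).most_common():
        print(f"{label:14s} {n}")
```

Run it against a saved filterlog export instead of SAMPLE_LINES to see whether the discovery traffic really is the bulk of the IPv6 entries; if it is, the matching block rule on the LAN interface (IPv6, UDP, destination ff02::/16 ports 5353 and 3702, logging unchecked) silences just that, while any other IPv6 hitting the default block rule keeps being logged.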
-
@stephenw10 They are at the same site, acting as gateways for the same LAN network. Computers/devices/etc get assigned a specific gateway configured via DHCP. Gaming/Home traffic goes through the SG-2440, and homelab specific stuff goes through the SG-1100. The OPT networks provide 2 different DMZs.
SG-2440:
WAN: <external Public IP ending .118>
LAN: 192.168.1.1
OPT: 192.168.2.1
SG-1100:
WAN: <external public IP ending .119>
LAN: 192.168.1.254
OPT: 172.16.1.1
All logged IPv6 traffic from my original post is on the LAN interface on the SG-1100. I don't care that there is IPv6 traffic on my LAN, it's just really noisy in my log systems.
-
@str8edgedave said in Logging question:
I don't care that there is IPv6 traffic on my LAN, it's just really noisy in my log systems.
Then just block it with a custom rule without logging set.
Steve