Source connection rate logging
I've searched this forum and elsewhere for an answer to this, but found none. I have a Pass firewall rule that allows traffic into a port forward. On the firewall rule, I've defined "Max. src. conn. Rate" and "Max. src. conn. Rates" to be what I want. The rule appears to work as I expect in testing. My challenge is that I don't seem to be able to know when the connection rate is exceeded.
The firewall logs show nothing, as I'm only logging explicit blocks/rejects. My first thought was that this would only get logged if there was a second firewall rule, defined as a Block, that had logging enabled. I've configured that, but nothing ever seems to hit that rule…so no logging.
A Pass rule with other limits, like connection rate limiting, really kind of has two possible outcomes. It would be nice to be able to log or otherwise know when the limit is being triggered, without having to know when the traffic is passing the rule. Is that possible?