Firewall missing traffic



  • Hi everyone.

    I've a question and I'm out of ideas and need your help!

    To start, here is the environment and the network flow:

    • traffic comes from the internet to the pfsense WAN interface, and I've set a rule there to allow all traffic to one specific host XX (and I'm logging traffic)
    • the server where traffic comes in is behind NAT, and this traffic goes to host XX as mentioned

    Now, host XX also has a hardware firewall, and here is the problem:

    • the hardware firewall detects some traffic as suspicious/intrusion prevention, but I don't see this traffic in the pfsense traffic - why?

    Example of this kind of traffic seen by host XX / hardware firewall:
    time: 2017/03/03 10:55:27
    src: 83.136.83.234, 443
    dst: HOST XX, 18283
    TCP scanned port list, 23110, 48846, 14554, 61720, 33472

    Sometimes traffic like that is logged in pfsense, sometimes it's not. Any ideas?


  • Banned

    @mislav:

    Now, host XX also has a hardware firewall, and here is the problem:

    • the hardware firewall detects some traffic as suspicious/intrusion prevention, but I don't see this traffic in the pfsense traffic - why?

    Ask the unknown firewall vendor. Really totally OT here.



  • So you suspect this hardware firewall could log some traffic that comes through pfsense but that traffic is not logged on pfsense, but it's there?