Firewall + Summary view - i need help to understand the "cake"
-
Hi
I dont understand the "picture"...???
This cake graph is from Firewall + Summary view.
What is going on here, can anyboady explain how to understand this graph:
-
It's an analysis of the firewall log. Of the items in the firewall log, the addresses shown account for the indicated percentage of log entries.
That looks like mostly IPv6 link-local traffic, so it's probably normal traffic that your rules are set to log for one reason or another.
-
@jimp said in Firewall + Summary view - i need help to understand the "cake":
it's probably normal traffic that your rules are
Thanks.
So this is IP6, i was trying to install only ip4.Where should i start to look if i want to find the source for the logged traffic?
-
To track down IPv6 clients, first look in the actual firewall log to get the address, then look in Diagnostics > NDP Table to find the client's MAC address (if it's online/active then). After that you can use the MAC to find it on your DHCP v4 leases and maybe find a hostname, or look it up in your switch if you have a managed switch to find the port it's on, or in your AP to find the client name.
Look at the log entries first, though. It's probably not anything worth worrying about, probably local multicast traffic from clients trying to find things on the local network.
-
Windows boxes out of the box are going to be Noisy little bastards.. And even if your not using IPv6 are going to put a lot of NOISE on the network via ipv6
You have a few options
Just ignore it and live with the log spam
Set firewall not to log the noise
Configure your client boxes to not send out so much ipv6 noise when your not using ipv6 - with windows easy way is to just disable it.. Take a look here for what option best suites your needs.
https://support.microsoft.com/en-us/help/929852/guidance-for-configuring-ipv6-in-windows-for-advanced-users
