I have 2 Netgate firewalls, an SG-2440 and an SG-1100. Both are up-to-date running 2.4.4-RELEASE-p3. Both are configured for remote syslog, where the logs are being received properly.
I have recently factory reset and reconfigured both firewalls, for IPv4 traffic only. The SG-2440 is acting as expected, and the filterlog only shows message pertaining to IPv4. The SG-1100, however shows a tonne of IPv6 messages, in one of 2 reoccurring formats. The first are UPD messages from an internal (fe80::) to the IPv6 multicast address (ff02::fb) on port 3702. The second messages are also UDP, but on port 5353. There are all mdns related messages, either WS-Discovery or Avahi/bonjour, etc.
What I am trying to figure out is why the SG-2440 does not show IPv6 traffic in the syslog, but the SG-1100 does. I have reconfigured them using the same process. My goal is to limit the SG-1100 to IPv4 messages only, as my ISP drops all IPv6 traffic at their end.
Any suggestions on where I can look to track down what is causing the logging difference?
If they are at two sites there may not be any v6 traffic hitting the 2440 to log.
If you just want to stop it logging you can create a block IPv6 firewall rule with logging disabled and it will block it before it hits the default block rule.
@stephenw10 They are at the same site, acting as gateways for the same LAN network. Computers/devices/etc get assigned a specific gateway configured via DCHP. Gaming/Home traffic goes through the SG-2440, and homelab specific stuff goes through the SG-1100. The OPT networks provide 2 different DMZs.
WAN: <external Public IP ending .118>
WAN: <external public IP ending .119>
All logged IPv6 traffic from my original post is on the LAN interface on the SG-1100. I don't care that there is IPv6 traffic on my LAN, it's just really noisy in my log systems.
I don't care that there is IPv6 traffic on my LAN, it's just really noisy in my log systems.
Then just block it with a custom rule without logging set.