
Network Topology

Not involved

Problem Description

The denylist function was configured on site, but no hit logs appear in the denylist log on the web interface.

 

Process Analysis

The following configurations need to be checked:

1. Check whether the interface is bound to a VRF. If it is, add the denylist entry with the VPN instance: denylist ip xx.xx.xx.xx vpn-instance xx

2. Confirm whether traffic is actually blocked by the denylist (verify via debug or by enabling/disabling the denylist ip xxx command).

3. Verify whether the following configurations are correctly set:

denylist global enable or denylist enable under the security zone
blacklist logging enable

 

4. Confirm whether the attack prevention denylist logging function is enabled.

Command line: dac log-collect service attack-defense denylist enable

Web: System --> Log Settings --> Basic Configuration --> Memory Space Settings --> press CTRL+F and search for "denylist" to quickly select it
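
Steps 1, 3 and 4 can be checked offline against a saved configuration; the Python script below is an added example, not part of the original case. The sample configuration is constructed, and it assumes that VRF binding appears as `ip binding vpn-instance <name>` under an interface, that zones appear as `security-zone name <name>` with indented children, and that the step 3 and step 4 commands sit at the top level of the configuration.

```python
import re

# Constructed sample configuration (not from the case). Assumed layout: VRF binding
# as "ip binding vpn-instance <name>" under an interface, zones as
# "security-zone name <name>", child lines indented, other commands at top level.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 ip binding vpn-instance vpn1
#
security-zone name Untrust
 import interface GigabitEthernet1/0/1
#
denylist ip 192.0.2.10
blacklist logging enable
"""

def audit_denylist_logging(config):
    """Return findings for checklist steps 1, 3 and 4 that the config fails."""
    section, vrf_in_use, enabled = "", False, False
    entries, top_level = [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace():  # indented: child of the current section
            vrf_in_use |= line.startswith("ip binding vpn-instance ")
            enabled |= section.startswith("security-zone ") and line == "denylist enable"
        else:
            section = line
            top_level.add(line)
            if re.match(r"denylist ip \S+", line):
                entries.append(line)
    enabled |= "denylist global enable" in top_level
    findings = []
    # Step 1: with a VRF in use, entries lacking vpn-instance need review.
    for entry in entries:
        if vrf_in_use and "vpn-instance" not in entry.split():
            findings.append(f"step 1: '{entry}' has no vpn-instance")
    # Step 3: denylist enabled (globally or in a zone) and logging enabled.
    if not enabled:
        findings.append("step 3: denylist not enabled globally or in any zone")
    if "blacklist logging enable" not in top_level:
        findings.append("step 3: 'blacklist logging enable' missing")
    # Step 4: attack-defense denylist log collection.
    if "dac log-collect service attack-defense denylist enable" not in top_level:
        findings.append("step 4: denylist log collection not enabled")
    return findings

if __name__ == "__main__":
    for finding in audit_denylist_logging(SAMPLE_CONFIG):
        print(finding)
```

A step 1 finding is a prompt to review the entry, since the blocked address may belong to an interface outside the VRF. Step 2 still has to be verified on the device with live traffic.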

Solution

Follow the analysis process above to troubleshoot.
