Where to find FW logs

Where to find FW logs

Where to find FW logs
Where to find FW logs
2024-10-14 11:52:57
Model: ER605 (TL-R605)   OC200   SG2016P  
Hardware Version: V2
Firmware Version: 226

Hi all,

I recently replaced a Firewalla with an ER605v2 because the Firewalla died and the rest of my network is Omada (OC200, SG2016P, EAP660HD, etc.)

 

I have 2 VLANs configured, Main (Vlan 1) and IoT (Vlan 200). I've created a rule to block all ports from IoT to Main which is working fine.

 

I'd like to see for example that IP 192.168.200.4 tried to communicate with 192.168.1.25 on port 80 but it was blocked.

 

Where can I find what it is actually blocking (and as I add more FW rules, what it is allowing through)?

  0      
  0      
#1
Options
5 Reply
Re:Where to find FW logs
2024-10-14 21:57:19

  @FPAddict ,

 

Believe it or not, it's currently not possible for us mere end customers.

I've been told it's available in MSP mode (network managed by 3rd party) and that TP-Link is looking at expanding support...

  0  
  0  
#2
Options
Re:Where to find FW logs
2024-10-14 22:42:02

  @EricPerl really? I would consider that one of the most basic capabilities of a router/firewall. 

  0  
  0  
#3
Options
Re:Where to find FW logs
2024-10-14 23:31:14 - last edited 2024-10-14 23:31:44

  @FPAddict ,

 

You and me both... See:

Logging & Monitoring of ACL rules - Business Community (tp-link.com)

 

Some of the attack/defense built-in rules generate log entries.

All of but one kind as information about the source...

 

You get: Router detected TCP SYN-and-FIN packets attack and dropped 1 packets.

The one that contains source information is a "Ping attack" so I now know that I'm attacked by my Ring Camera on the LAN side (LOL).

 

  1  
  1  
#4
Options
Re:Where to find FW logs
2024-10-14 23:39:44

  @EricPerl What is "MSP mode" that you mentioned?

  0  
  0  
#5
Options
Re:Where to find FW logs
2024-10-15 01:17:28

  @FPAddict ,

 

Per Controller documentation:

MSP (Managed Service Provider) mode allows you to know the status of your customers at a glance, and manage customers in the Omada platform.

 

As I understand it, it applies to cases where a 3rd party manages your network.

You can't even enable it with a HW controller. I guess the controller is somewhere in the cloud in that case.

  0  
  0  
#6
Options