Denied Packets Report

Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes

The Denied Packets report shows information about all the incoming and outgoing packets that were denied access through the Firebox. This report also includes information about traffic denied for users who exceed the bandwidth and time quota settings on your device.

This report is available when log messages with data for this report exist in the specified time frame. To make sure that your Firebox sends log messages required to generate this report, follow the steps to Enable Logging for this Report.

How to Use this Report

Use this report to see traffic blocked by the Firebox, client IP address, or user name.

Here are some ways to use this report:

  • Select the summary report to see a summary of denied packets for each client.
  • Select the detail report to see information about why the Firebox dropped traffic.

View the Report

This report is available in WatchGuard Cloud and in Dimension.

  1. Log in to WatchGuard Cloud.
  2. Select Monitor > Devices.
  3. Select a folder or a specific device.
  4. To select the report date range, click .
  1. From the list of reports, select Device > Denied Packets.
    The report opens.

Screen shot of the enied packets summary report.

  1. To see reports for your Fireboxes or FireClusters, select Home > Devices.
    The Devices list opens.
    To see reports for your groups of Fireboxes, select Home > Groups.
    The Groups list opens.
  2. Select the Name of a Firebox, cluster, or group.
    The Tools > Executive Dashboard page opens.
  3. Select the Reports tab.

    Screen shot of the Reports tab in Dimension.

  1. Select Device > Denied Packets.
    The report appears.

Pivots

You can use pivots to change the view of the data on the detail report.

To switch to a different view, select a pivot from the drop-down list above the report.

The detail report includes these pivots:

Denied Packets Detail

This is a detailed report of all the packets denied by your device, organized by detail.

Includes the time of the first action, the source and destination IP addresses, the number of attempts for each packet, the protocol and port, and the action.

Denied Packets by Client Detail

This is a detailed report of all the packets denied by your device, organized by client.

Includes the IP address of the client, the first and last date/time the packet was denied, the intended packet destination, the protocol and port , and the number of attempts for each packet.

Denied Packets Report Detail View

To view a detailed report of denied packets, click the View Details link at the top of the summary report. Or, to go directly to the summary report, select Detail > Denied Packets.

Screen shot of View Details link in a report

Enable Logging for this Report

Logging of denied packets is in enabled in policies by default for locally-managed Fireboxes.

If it is disabled, to enable it again:

  • In packet filter policies, select Send a log message for reports.
  • In proxy policies, select Enable logging for reports.

For more information, see Set Logging and Notification Preferences.

Related Topics

WatchGuard Cloud Device Reports List