Ask the Community
Groups
Firewall Analyzer Troubleshooting - Connect IT Community | Kaseya
<main> <article class="userContent"> <div> <h2 data-id="the-most-common-problems-and-troubleshooting-tips-for-the-firewall-analyzer">The most common problems and troubleshooting tips for the Firewall Analyzer</h2> <h3 data-id="common-problems">Common Problems</h3> <ol><li><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fkaseya.vanillacommunities.com%2Fkb%2Farticles%2Faliases%2Frocketcyber%2Fhc%2Fen-us%2Farticles%2F360017915097" rel="noopener nofollow">Windows Firewall blocking incoming traffic on the machine</a></li> <li>Accidentally putting the Firewall's IP instead of the monitoring device's IP</li> <li>Not adding a Syslog forwarding rule on the firewall to send the logs to the Firewall Analyzer App</li> <li>By default, our filtering removes informational messages that do not require any action on your part. If you want to verify that everything works, try going to the configuration menu and changing the <strong>Don't Report Events Lower Than This Priority</strong> setting to <strong>Info</strong> <ol><li>You should receive an app result in the RocketCyber dashboard that says "<strong>connected</strong>" when firewall data is successfully reaching the app</li> </ol></li> <li>Windows Server 2019 is sometimes experiencing problems when used as the monitoring platform. Try a non-server 2019 machine. If you would like updates on the status of Server 2019 support, <a href="mailto:support@rocketcyber.com?subject=Request%20For%20Update%20When%20Server%202019%20Supported" rel="noopener nofollow">let us know</a> </li> <li>If you are experiencing problems using UDP/TCP, try using the other</li> <li>If you are using a firewall that allows you to configure the severity level of Syslog events being sent, set severity to info</li> <li>Ensure your logs are being sent space-separated (not comma-separated) <ol><li>This does not apply to formats such as Barracuda which do not use standard formats (e.g. Barracuda logs are pipe-separated)</li> </ol></li> <li>If needed, try restarting the agent</li> </ol><div data-hs-callout-type="caution"> <p>One exception to priority-level filtering is <em>IP Reputation Lookup</em>. Traffic from malicious IPs will display even though it has an Info priority level.</p> <p>If you wish to block this traffic, use the Whitelist capabilities in the Review pane:</p> <ol><li> <strong>Select</strong> the traffic you wish to whitelist </li> <li>Click <strong>Action, </strong><strong>Add to Whitelist </strong>in the bottom right of the page</li> </ol></div> <p>If you have any questions about the Firewall Log Analyzer not covered here, feel free to contact support <a href="mailto:support@rocketcyber.com?subject=Firewall%20Analyzer%20--%20General%20Question" rel="noopener nofollow">via email</a> or using chat on our website</p> </div> <div id="ka-feedback-form-container"> <div id="ka-feedback-form"> <h6 data-id="n-a"> </h6> </div> </div> </article> </main>