The firewall incorporates hardware and software fail-safe mechanisms that are indicated via system alerts and logs. You can inspect the logs to see what is happening with the traffic.
Viewing Log Files
To access the logs on the CloudGen Firewall web interface:
- Go to LOGS.
- Expand Select Log file drop-down list
- Choose the log file type.
From the LOGS tab, you can view a number of log files to monitor and troubleshoot the firewall.
The Authentication Log (Auth) displays messages from the authentication service. This includes logins for the web interface and messages from the various authentication methods. For example, if a client cannot access a service, the unsuccessful authentications are written into the log. Successful authentications are also recorded.
The Firewall Log (NGFW) displays firewall activity, such as rules that have been executed and traffic that has been dropped. It lists all connections on the firewall. You can filter the log by criteria such as a source IP address or network, or the time that the connections occurred.
The HTTP Log displays the activities of the firewall's connection to the Barracuda Web Security Service. There are several codes in the log. For details on these codes, see the HTTP Log Codes Overview section.
Use the Network Log to investigate why network configuration changes are not working properly or cannot be activated. The messages in the Network Log might explain the problem. If not, check the network configuration again for any problems or conflicts.
The VPN Log displays information for all client-to-site and site-to-site VPN tunnels. Use this log to investigate why VPN tunnels and PPTP connections are disconnecting or not being established. To see the messages for specific VPN connections, you can also filter the log by IP addresses.
HTTP Log Codes Overview
The following tables provide details on the codes that you might see on the LOGS > HTTP Log page.
A valid copy of the requested object was in the cache.
The requested object was not in the cache.
An expired copy of the requested object was in the cache. Squid made an If-Modified-Since request, and the response was "Not Modified."
An expired copy of the requested object was in the cache. Squid attempted to make an If-Modified-Since request, but it failed. The old (stale) object was delivered to the client.
An expired copy of the requested object was in the cache. Squid made an If-Modified-Since request and received a new object.
The client issued a request with the "no-cache" pragma. ("reload" - handled as MISS)
An If-Modified-Since GET request was received from the client. A valid copy of the object was in the cache (fresh).
An If-Modified-Since GET request was received from the client. The requested object was not in the cache (stale).
The object was believed to be in the cache, but could not be accessed.
Access was denied for this request.
The remote site or network is unreachable; it may be down.
The remote site or network may be too slow or down.
All clients went away before transmission completed, and the object is too big to cache.
The remote site or network may be down.
Client dropped connection before transmission completed. Squid fetched the Object according to its settings for `quick_abort'.
The remote site or server may be down.
Invalid HTTP request.
Invalid URL syntax.
Out of file descriptors.
DNS name lookup failure.
Protocol not supported.
The requested URL cannot currently be retrieved.
There is no WAIS relay host defined for this cache.
The system disk is out of space or failing.
The remote server closed the connection before sending any data.
This cache is not configured to retrieve FTP objects.
Access denied. Users must be authenticated before accessing this cache.