Denied Connections Reports

To search for and generate a report on denied connections by selected firewall log sources during a specified time interval, use the Denied Connections Real-Time Report.

Menu path: Reports > Network Activity > Denied Connections

In addition to setting the common report options in Preparing a Real-time Report, you can select:

  • The type of information the appliance aggregates for the generated report
  • Various optional filter operators in the generated report for your appliance
Denied Connections Report - Summary Methods
Method Description
Src IP/Any--> Any/Port Aggregates records from a specific Source IP and any port going to any 
destination IP and a specific destination port. The system derives the Source IP and destination port from your Device Type and Source Device selections.
Src IP/Any --> Dest IP/Port Aggregates records from a specific Source IP and any port going to a specific Destination IP and specific Destination port. The system derives the Source IP and Destination IP from your Device Type and Source Device selections.
Denied by Port Aggregates records from the port numbers only

Optional filter operators can be sorted in ascending or descending order. Choose sort order using the list. The default is to display all the following optional filter operators.

For more information on saving the generated report, see Formats for Saving a Generated Report.

Denied Connections Report - Optional Filter Operators
Option Description
Source Device Description of the device that sent these log messages
Attempts* Number of times log messages denied the connection
Src IP IP address of the source host device
Src Port Port number of the source host device
Dest IP IP address of the destination host device
Dest Port Port number of the destination host device
Protocol IP protocol (TCP, UDP, so on.) of the connection
Description Description of the destination port (service)
Access Group (Cisco PIX/ASA only) Lists any group of which you are a member
Rules (Check Point Interface only) Condition set on the firewall to complete the security policy; identifies what is allowed and not allowed through a specific interface.
Policy ID Unique policy identifier of the device on the firewall (Juniper Firewall only)
Direction (Check Point Interface, Cisco PIX/ASA/FWSM, Juniper Firewall, and Nortel Connectivity only) Inbound or Outbound connection attempt. Direction is stored as a number internally, for INBOUND use 1, for OUTBOUND use 2, and for INTERNAL use 3.
Note: “Attempts” for Cisco router by “src IP/any” are larger than the number shown in the Denied Connections Report because IP packets are measured in this instance, instead of the actual number of messages sent.
Related reference