You can collect the firewall diagnostic logs by running the remote diagnostic tests on an Edge.
For Edges running Release 3.4.0 or later which also have Stateful Firewall activated, you can use the following remote diagnostic tests to obtain firewall diagnostic information:
- Flush Firewall Sessions - Run this test on the required Edge by providing the Source and Destination IP addresses to flush the active firewall sessions that need to be reset. This test applies specifically to the Stateful Firewall. Running it on an Edge not only flushes the firewall sessions, but also actively sends a TCP RST for the TCP-based sessions.
- List Active Firewall Sessions - Run this test to view the current state of the active firewall sessions (up to a maximum of 1000 sessions). You can filter by Source and Destination IP and Port as well as Segment to limit the number of sessions returned.
Note: You cannot see sessions that were denied as they are not active sessions. To troubleshoot those sessions, you will need to check the firewall logs.
You can use the following remote diagnostic tests to obtain the category and reputation score of a given URL, and the threat category of a given IP:
- Get IP Threat Reputation - Run this test on the required Edge by providing the IP address to view the threat category of the given IP.
- Get URL Category/Reputation - Run this test on the required Edge by providing the URL to view the category and reputation score of a given URL.
For more information about how and when to run these remote diagnostics on an Edge, see the VMware SD-WAN Troubleshooting guide available at https://docs.vmware.com/en/VMware-SD-WAN/index.html.