Last update: 2022-06-16

Firewall log behavior for web traffic

When you configure a firewall rule to drop all traffic, the firewall logs show traffic on ports 80 and 443 is allowed. The web proxy blocks the traffic rather than the firewall rule.

Here's an example. You create a firewall rule with the action Drop, and you choose to log firewall traffic. The firewall log behavior is as follows:

  • Ports other than 80 and 443: The firewall drops the packets. The firewall logs show the traffic is denied.

  • Ports 80 and 443: The firewall accepts the incoming packets and passes them to the web proxy, which blocks them. The web proxy sends a block page to the user. The web filter log shows the traffic is denied, but the firewall logs show the traffic is allowed.

However, if you create a firewall rule with the action Reject, traffic on ports 80 and 443 is rejected the same way as traffic on other ports. The firewall logs show the traffic is rejected.
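When reviewing logs, this means an "allowed" firewall entry on port 80 or 443 under a Drop rule has to be read together with the web filter log. The following is an added example, not part of the product documentation, that correlates the two logs; the record fields, the 5-second matching window and the "needs-review" outcome are assumptions, and the sample records are constructed rather than taken from the product's log schema.

```python
from dataclasses import dataclass

WEB_PORTS = {80, 443}  # ports the page says are handed to the web proxy

@dataclass(frozen=True)
class Event:
    """Constructed, simplified log record (not the product's log schema)."""
    ts: int        # epoch seconds
    src: str
    dst: str
    dport: int
    logged: str    # status shown in that log: allowed / denied / rejected
    rule_action: str = ""  # firewall records only: drop / reject / accept

def effective_verdict(fw, web_events, window=5):
    """Verdict to record for one firewall event, given the web filter log."""
    ambiguous = (fw.rule_action == "drop" and fw.dport in WEB_PORTS
                 and fw.logged == "allowed")
    if not ambiguous:
        return fw.logged  # firewall log already reflects the outcome
    for w in web_events:
        same_flow = (w.src, w.dst, w.dport) == (fw.src, fw.dst, fw.dport)
        if same_flow and abs(w.ts - fw.ts) <= window and w.logged == "denied":
            return "denied-by-web-proxy"
    return "needs-review"  # assumption: a missing web filter denial is worth a look

def triage(fw_events, web_events):
    """Effective verdict for each firewall event, in order."""
    return [effective_verdict(fw, web_events) for fw in fw_events]

# Constructed sample data.
SAMPLE_FW = [
    Event(100, "10.0.0.5", "203.0.113.10", 22, "denied", "drop"),
    Event(101, "10.0.0.5", "203.0.113.10", 443, "allowed", "drop"),
    Event(102, "10.0.0.6", "203.0.113.10", 80, "rejected", "reject"),
    Event(103, "10.0.0.7", "203.0.113.20", 80, "allowed", "drop"),
]
SAMPLE_WEB = [Event(102, "10.0.0.5", "203.0.113.10", 443, "denied")]

if __name__ == "__main__":
    for fw, verdict in zip(SAMPLE_FW, triage(SAMPLE_FW, SAMPLE_WEB)):
        print(fw.src, fw.dport, fw.logged, "->", verdict)
```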
