Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Log behavior for web traffic

When a firewall rule to drop traffic on ports 80 and 443 matches traffic, the firewall sends the traffic to the web proxy, which then blocks it.

The log for the Firewall component shows allowed, and the Web filter component shows blocked.

Note

Web exceptions apply even if the firewall rule has its action set to Drop. So, endpoints may still be able to perform actions, such as downloading Windows updates from Microsoft, even if their traffic matches a firewall rule set to Drop.

Firewall action and logs

If you select Log firewall traffic in Firewall rules and specify the other settings shown in the table, the firewall's behavior and the logs in Log viewer are as follows:

Firewall rule settings Ports other than 80 and 443 Ports 80 and 443
Drop

Firewall drops the packets.

Firewall log shows dropped.

Firewall accepts the incoming packets and passes them to the web proxy. The web proxy sends a block page to the user.

Firewall log shows allowed.

Web filter log shows blocked.

Allow

Block clients with no Heartbeat

Firewall drops packets from endpoints that don't send a heartbeat.

Firewall log shows dropped.

Firewall accepts the incoming packets and passes them to the web proxy.

The heartbeat system determines they should be blocked because the endpoint doesn't send a heartbeat. The web proxy sends a block page to the user.

Firewall log shows allowed, and another firewall log shows Heartbeat blocked.

Web filter log shows blocked.

Reject

Firewall rejects the packets.

Firewall log shows rejected.

Firewall rejects the packets.

Firewall log shows rejected.