You have created a firewall with rules that only allow traffic over HTTP, HTTPS, and SSH ports.
While testing, you specifically try to reach the server over multiple ports and protocols; however, you do not see any denied connections in the firewall logs.
You want to resolve the issue.
What should you do?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
When testing a firewall, if you are unable to see any denied connections in the firewall logs, it is possible that the firewall is not properly configured to log denied connections. To resolve this issue, there are several options available, including:
A. Enable logging on the default Deny Any Firewall Rule This option involves enabling logging on the default Deny Any Firewall Rule. This rule is typically at the end of the firewall rule list and is triggered when none of the other rules match the traffic. By enabling logging on this rule, you can capture any traffic that is denied by the firewall. However, this can generate a large number of logs, including traffic that is not relevant, and can make it difficult to identify issues.
B. Enable logging on the VM Instances that receive traffic This option involves enabling logging on the VM Instances that receive traffic. This can help you to identify whether traffic is reaching the VM Instances and whether the VM Instances are responding. However, this may not provide information about whether the firewall is blocking any traffic.
C. Create a logging sink forwarding all firewall logs with no filters This option involves creating a logging sink that forwards all firewall logs with no filters. This can help you to capture all firewall logs, including those related to denied connections. However, this can generate a large number of logs, which can be difficult to analyze.
D. Create an explicit Deny Any rule and enable logging on the new rule This option involves creating an explicit Deny Any rule and enabling logging on the new rule. This allows you to capture logs for any traffic that is explicitly denied by the firewall. However, this can generate a large number of logs, including traffic that is not relevant, and can make it difficult to identify issues.
Overall, the best option depends on the specific use case and requirements. Enabling logging on the default Deny Any Firewall Rule or creating an explicit Deny Any rule and enabling logging on the new rule can help you to capture logs related to denied connections. However, this can generate a large number of logs and may make it difficult to analyze. Creating a logging sink that forwards all firewall logs with no filters can help you to capture all firewall logs, but may also generate a large number of logs that are difficult to analyze. Enabling logging on the VM Instances that receive traffic can help you to identify whether traffic is reaching the VM Instances, but may not provide information about whether the firewall is blocking any traffic.