cancel
Showing results for 
Search instead for 
Did you mean: 

Why is there no way to see firewall data on a vSZ?

rob_bush
New Contributor II

Why is there no way to see L2/L3 firewall data?  Given how important it is that the firewall functionality works correctly, why do you not provide any way to see traffic that the firewall is allowing or blocking?  Even if you only provided this data to a 3rd party device such as via syslog or Northbound interface, it should still be something we can look at.

Please add this capability in future releases.  For anyone else reading this, please chime in so that Ruckus understands the importance of providing firewall traffic visibility.  I'm very tired of constantly having to spin up a wireless device to verify if traffic is being blocked correctly.

2 REPLIES 2

syamantakomer
Moderator
Moderator

Hi Rob,

Firewall option in vSZ is not a traditional Firewall, it uses the ACLs on APs/WLANs and none of the data hits controller.

Since it is not a traditional firewall, insights to blocked traffic is limited to AP CLI.

Please contact your regional Ruckus System Engineer or sales team, they will help you to open a feature request behalf of you.

Regards,
Syamantak Omer
Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI

eizens_putnins
Valued Contributor

This is actually a good idea, I would say it would be usefull part of client troubleshooting, not existing yet. Most data used for analyses are got from APs, so it should be not a problem for AP reporting ACL statistics. It would be very useful to be able to check where a specific type of traffic is lost or if it is forwarded - to be able to distinguish if the Client gets a specific port blocked on the client, on AP, or somewhere after that -- on the network firewall or on the Internet. it should be an on-demand feature, as logging all traffic will be heavily hitting the performance of AP, as well as it would create a lot of traffic. Currently, you can do it using remote traffic capture with wireshark, and it is already used for DHCP monitoring, so it just needs to be expanded.

It would be good to add such feature to Ruckus Analytics too.