My Firewall/Router Doesn't Have A Firewall Log

I have a firewall/router I just purchased from Netgear that has a SPI firewall in it, but they don't even give you a firewall log to manage it.

I can't believe they'd give people a firewall and no log, completely idiotic.

Well I'm wondering with a hardware router/firewall is there something software wise I can use as a log for the firewall?

One such program I found was the Firewall Analyzer:

http://www.manageengine.com/products/firewall/download.html

Besides this program any great firewall log apps anyone recommends?

THANKS

 

If you are using windows firewall, you can enable logging and there are a number of firewall log parsers. Of course these will not give near the same data a router log would, as router log would have incoming from wan side that was blocked. Also router would show whole subnet data instead of your local machine.

There may be a firmware update for your router, or even an older one may have what you want.

You could also put a packet sniffer in promiscuous mode on a computer on your network. That would show you a lot. Wireshark is one that comes to mind. Many others too.

Sul.

 

Well I just want the best option since stupid Netgear doesn't believe in giving their Home products a log for the firewall.

No there are no firmware updates to fix this. Netgear as it stands now doesn't include a log for the 'Home Product' SPI firewall routers. I mean talk about dumb, so much for having a log that's really need for troubleshooting.

Anyhow I just want to use the best available option for a firewall log for a router.

 

I think you are up the proverbial creek without a paddle.

Let's surmise then that a router would give you access to:
1. incoming logs from wan side
2. outgoing logs from all lan side machines

whereas a software firewall will provide:
1. incoming logs from router (requested web) or local lan side
2. outgoing logs to lan (including router/web)

As I see it, from what I know, you have 2 options depending on your goal.

To catch all local traffic, you would need another machine running some form of packet sniffer. Gather all packets on the network, then parse out to whom what belongs and what the traffic was doing.

To monitor your own machine, it could be as simple as turn on windows firewall and have it log. Install a 3rd party firewall with good logging abilities. Or some other tool that monitors and logs your machines network activity without actually interfering with operations.

I know it does not help you, but there is a great program called WallWatcher, that will work with many routers. It runs on a machine, yours or a server or any extra you have. It gathers the routers logs, and is pretty simple to look at what is going on. Very interesting to see. You are kinda left hanging without that built into the router. A packet sniffer might be overkill for you, but it will do what you ask and then some.

Sul.

 

Oh well maybe time to get another router and forget Netgear since they are so stupid to not put a log in for their firewall on their Home product...

Complete stupidity....

 

post made in error...

 

That's a bummer. I have Netgear but now after 5 years or so I realize this is FVS318 ProSafe and meant for business and not home networking. I have logging and have played with Kiwi syslogd to record what knocks at the door. I guess I just took for granted that all router/firewalls have logging.

Sorry you had such a rude surprise, DasFox.

 

Kiwi syslog is a pretty good program. Have you tried wallwatcher with that router? I preferred it when I was into that stuff.

Sul.

 

It doen's show my version as supported, only a few Netgear products, so not sure it's going to work or not.

crofttk, yeah really stupid that for Netgear's COMPLETE HOME products that have a SPI firewall, none of them have a firewall log.

Netgear seems to really make great products, but we need more people to bitch and get them to come out with firmware updates to include logs...

 

I did some quick reading and just picked Kiwi and gave it a whirl. I accumulated logs for a few days and then loaded them into Excel and counted frequencies of IP address ranges and came up with 80% or so from China.

I guess that result didn't surprise me. I have set it aside for the time being.

Some of the stuff I've read here lately at Wilders just boggles my mind, like this tunneling and anti-anti-sniffing stuff. Sometimes I just want to go back to writing paper checks and licking stamps... Thank goodness all seems to be working here anyways and my bank accounts appear to be unmolested.

I hope you can find something you'll be happy with in your other thread, DasFox, if you decide to scrap the Netgear.

 

Wouldn't Kiwi syslog work with the router, just like, as if the router had it's own log? I mean seeing everything like it should?

 

I assume this router has an interface you can log into to administer the settings, say from an internet browser by entering an IP address. Mine is at 192.168.0.1. Although yours has no log, perhaps it has a setting for an address to send syslogs to, i.e., the machine where you have Kiwi installed? My screen is like so:


Unless you have this kind of setting, I'm not sure how or if you can do it.

 

Nope I have nothing in this other then just a basic log showing some connections on it.

I think that I should probably get a FWG114P:

http://www.netgear.com/Products/VPNandSSL/WirelessVPNFirewallRouters/FWG114P.aspx

But then I noticed in the specs it's not listing WPA2, just says, WPA... Hmmm

 

Well, I wouldn't necessarily try to sell you on Netgear and the VPN capability you may be paying more for - you'll have to decide if it's a value for you and the way you want to use it. I never used the VPN feature but have always been pleased with the capabilities of mine,

As I made my purchase several years back, for Ethernet, and then bought two identical Netgear WPN802 WAPs (one to use as repeater) to assure compatibility with my Router, I would not have a good comparative knowledge base across manufacturers to work from.

Maybe another manufacturer has the features, including logging, that you want without having to move up to a business class device at extra expense?

I think WEP is better security now than WPA and I forget the disctinction between WPA & WPA2. If I recall correctly, to use my WAPs with one as a repeater I had to step down to WPA level security and I didn't like that, but after reading alot here at Wilders and other places, I decided that, as long as I saw no suspicious vehicles parking around my neighborhood or strangers walking around with laptops, I will probably be OK.

 

I just want a good router with wireless that has a firewall and with a damm log in it, LOL...

WPA2 is the highest encryption, better then WEP...

 

Yep, you're right, my bad. It was WEP I had to fall back to.

 

I have the Dlink DIR-655N. It has currently 1765 log entries. Log options are (checkboxes)
Firewall & Security
Critical
System
Warning
Router Status
Informational

There is a statistics page, with lan,wan and wireless stats, consisting of
Sent
TX dropped
RX dropped
Collisions
Errors

Also are internet sessions and wireless pages, where a table exists with these columns
Local IP : NAT : Internet : Protocol : State: Direction : Priority : Time Out

Router is capable of logging to a syslog server

Router is capable of emailing logs when log is full or on a schedule

Access restriction allows logging

Lots and lots of information.

I have been very happy with this router. But also Linksys routers had good logs too. I just like the firmware in Dlink much better than Linksys otherwise I would probably use one still. Much more flexible. For example, on port forwarding older Linksys models had only room for a small amount of entries. All of the Dlinks I have used are at least double memory space.

Sul.

 

Sully, this is your router?

http://www.dlink.com/products/?sec=1&pid=530

I thought there were issues with the N's and better to go with G?

THANKS

P.S. If I go with D-Link I'll grab the DIR-625 RangeBooster N Router:

http://www.dlink.com/products/?sec=1&pid=501

 

Yes, that is the router. As far as N goes, I don't have an N NIC. I do have G, and family has brought laptops over. Range is very good IMO. Much better than last Linksys G I had, I think something like wr45tg or something.

The router previous to this was a Dlink Gamer Lounge 4 port. It was about the only gigabit router at the time I could find, and thought the gaming portion was just fluff. I was very happy with that router, but wanted to replace that because I was using my Linksys for wireless signals and Dlink as gateway.

Anyway, the newer Gamers Lounge router is very similar to the 655 I have now. I researched them and then looked at the manuals. Not much difference other than what they call Game Fuel Priority. The 655 has QOS, which I am here to tell you, works marvelously. I had never thought it would, but it is nice for me to put my IP as the top priority. Now if kids or wife are online, I can still stream a movie or whatever without any noticing. Before it was not the case.

Some reviews rate Dlink as mediocre. Some have said they are the worst they ever had. I have had 3 now, and all 3 have been flawless with one exception. The first one did not like a specific onboard NIC, and when that NIC was linked, it 'chattered' across the network. That is the only issue I have had with them. But thier firmware is full of more stuff than I use. Having recently played with a nice VPN Dual Redundant WAN router, I would say the Dlink home use line is better in firmware that those really expensive ones.

My buddy has the same 655 router as I, and he reports the same good range of signal and no problems thus far. Not that it means much as 2 out of thousands is hardly worthwhile of stamp of approval

Sul.

 

Sully, well I got off the phone today with Netgear's corporate office, spoke to the manager of product development, who agreed with me that the Home product range that has a SPI firewall in it needs to have a firewall log, so I might of just helped today to change the course of Netgear's Home product line.

We'll just have to wait, but he told me he would stay in touch to let me know and in the meantime asked me to send a screenshot of the Linksys router I'm using to get ideas on how to make this log.

If I get a positive reply back that they are going ahead with this to make firmware updates on all the Home products to include a firewall log I'll make a post, something like, 'Netgear Looking For Firewall Log Feedback'

So keep your eyes peeled, I hope to see this change...

P.S. It says this about the 625: 'Award-Winning QoS Engine for Superior VoIP and Online Gaming'