.. _Firewall Diagnostics: Firewall ########### You can find the Firewall Diagnostics at **Diagnostics → Firewall → Firewall**. .. image:: img/Diagnostics-Firewall.png :width: 100% :align: center :alt: Firewall Diagnostics .. image:: img/Diagnostics-Firewall2.png :width: 100% :align: center :alt: Firewall Diagnosgtics There are three tabs. In the **Log** tab you can browse, search and parse the current firewall log. Each log entry comes from the firewall log. Be aware that by default only deny entries are logged. If you need more logging, turn it one in each firewall rule :ref:`Firewall Rules (Forward and Input)`. You can also *create a firewall rule* directly from a log entry by hitting the action symbol on the right. Source and destination IPs can show reverse DNS entry on hover, as long as the VT AIR can resolve the IP. In the **Ruleset** tab you can see the current system firewall ruleset. The **Dashboard** tab provides an interactive view of the collected data from log events. .. _Diagnostics Firewall Ruleset: Firewall Dashboard ******************************** The dashboard shows you firewall information by country and origin. The dashoard is a convenient way of visualising the event data. .. image:: img/Diagnostics-Firewall-Dashboard1.png :width: 100% :align: center :alt: Firewall Dashboard .. image:: img/Diagnostics-Firewall-Dashboard2.png :width: 100% :align: center :alt: Firewall Dashboard World Map .. note:: Logfile Analysis needs to be enabled to see data in the Dashboard. It is disabled by default as it costs performance. It can be enabled at :ref:`Core Settings`. Ruleset ********* The ruleset tabs shows you the current firewall rules in the system. .. image:: img/Diagnostics-Firewall3.png :width: 100% :align: center :alt: Firewall Diagnosgtics .. _Diagnostics Firewall Trace: Trace ********* If you enabled the trace option on one or more firewall rules, matching traffic can be seen here. This is a good tool to debug your firewall rules. The packet will be followed through the firewall from DNAT to rule until SNAT.