Secureporter popular websites not relevant

iSpeed
iSpeed Posts: 110  Ally Member
edited April 2021 in Security
I've turned on SecuReporter at 2 sites (USG40 and USG60) and most of the data is irrelevant. Popular websites shows a bunch of IP addresses and NGINX, and none of the sites I visit frequently, e.g. Facebook, etc. Anyone else have this working?

All Replies

  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee

    Hi @iSpeed,

     

    Go to CONFIGURATION > Cloud CNM > SecuReporter.

    Enable “Enable SecuReporter” and “Include Traffic Log”.

     

    Go to MONITOR > UTM Statistics. Make sure “Collect Statistics” of each UTM service is enabled.

     

    If all the checkboxes mentioned above are already enabled, we need more information to check this issue.

    The required information will be sent in the private message.


  • iSpeed
    iSpeed Posts: 110  Ally Member
    Thank you. The collect statistics checkboxes were not checked. I did not see anywhere in the setup where those needed to be checked. I'll report back now that I have those checked.
  • iSpeed
    iSpeed Posts: 110  Ally Member
    Ok, I've checked the collect statistics, but still no accurate data in popular websites, etc.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee

    The required information is already sent in the private message. 
    You can check your inbox and follow the instructions in the message.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee

    Hi @iSpeed,

     

    The root cause is that the traffic hits the security policy rule 1 (HTTP/HTTPS) and no CF profile is applied to this rule.

    After a CF profile is applied to rule 1, there are now logs for popular websites on the SecuReporter server.

    You can delete/disable rule 1 and traffic will then hit rule 2.

    Since data is sent to the server, you can monitor the CF reports on SecuReporter.

    Please feel free to let us know if you have further questions on SecuReporter.




  • iSpeed
    iSpeed Posts: 110  Ally Member
    edited November 2018
    Emily, I was having a hard time getting it working on any other firewall. After a couple of hours of testing I found the below. The EZ mode doesn't check the "log all web pages" in the CF UTM profile.
  • Zyxel_Emily
    Zyxel_Emily Posts: 1,278  Zyxel Employee

    About the design that the EZ mode doesn't check the "log all web pages" in the CF UTM profile, we will check if it would be better to add an option to enable "log all web pages" in the security service wizard.
    Thanks for your suggestion.
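
The two causes found in this thread (web traffic hitting a security policy rule with no CF profile, and a CF profile without "log all web pages"), as an added example that is not part of the original posts and is not Zyxel code: a small Python model of first-match policy evaluation that reports which rule web traffic hits and whether that rule would produce content-filter logs. The `Rule` and `CFProfile` classes, their field names and the sample policy are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class CFProfile:              # hypothetical model of a content filter profile
    name: str
    log_all_web_pages: bool

@dataclass
class Rule:                   # hypothetical model of a security policy rule
    number: int
    services: frozenset
    enabled: bool = True
    cf_profile: Optional[CFProfile] = None

def first_match(rules, service):
    """Return the first enabled rule, in rule-number order, matching the service."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.enabled and (service in rule.services or "any" in rule.services):
            return rule
    return None

def audit_web_logging(rules, services=("HTTP", "HTTPS")):
    """For each web service, say which rule traffic hits and why CF logs may be missing."""
    findings = {}
    for svc in services:
        rule = first_match(rules, svc)
        if rule is None:
            findings[svc] = "no matching rule"
        elif rule.cf_profile is None:
            findings[svc] = f"rule {rule.number}: no CF profile applied"
        elif not rule.cf_profile.log_all_web_pages:
            findings[svc] = f"rule {rule.number}: 'log all web pages' not enabled"
        else:
            findings[svc] = f"rule {rule.number}: ok"
    return findings

# Constructed sample policy: rule 1 catches HTTP/HTTPS before rule 2 is reached.
FULL = CFProfile("cf_full", log_all_web_pages=True)
SAMPLE = [
    Rule(1, frozenset({"HTTP", "HTTPS"})),
    Rule(2, frozenset({"any"}), cf_profile=FULL),
]

if __name__ == "__main__":
    print(audit_web_logging(SAMPLE))      # rule 1 shadows rule 2
    SAMPLE[0].enabled = False             # disable rule 1, as suggested in the thread
    print(audit_web_logging(SAMPLE))      # traffic now hits rule 2
```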
