Overview
Users can check the protocol of their web traffic via the Umbrella Dashboard and in the firewall logs.
Protocol Indication in the Umbrella Dashboard
To check the protocol of your web traffic on your Umbrella Dashboard, go to Reporting > Activity Search > Column. Check Protocol and click Apply:
You may need to scroll to the right to find the Protocol column.
Protocol Indication in the Firewall Logs
You can also download the Umbrella logs from either Cisco's managed S3 bucket or your own S3 bucket:
"2020-06-09 18:53:49","[419244240]","raspberrypi","Network Tunnels",
"OUTBOUND","17","75","192.168.64.112","57405","8.8.8.8",
"53","nyc1.edc","1614180","ALLOW"
The "IpProtocol" input is the 6th value in the logs. The above example indicates that this particular web traffic is UDP for 17. ICMP traffic will be identified as 1 and TCP traffic will be identified as 6. More information about Cloud Firewall Logs can be found here: Log Format and Versioning - Cloud Firewall Logs
Comments
0 comments
Article is closed for comments.