Hello,
We are using Log Insight to view NSX information. We have a Tag set up that sends us blocks; for the most part we see source/destination, protocol and port. However, we are seeing some data where we get the Source and Destination, but the Ports are empty and the firewall_protocol is coming over as "PROTO 1". It's really hard to make rules from that since we don't know the Ports; we do know the Traffic is coming from an F5 load balancer to a VM.
Any idea how we can add a rule to allow this traffic without opening it up all the way?
-Daniel
Hey Daniel -- Sounds like the issue on the NSX side. LI cannot change the log message. I would advise reporting this in the NSX group.
It's NOT a bug. Proto 1 means it's ICMP. ICMP is a protocol and as such doesn't use ports like an application, but has a protocol number assigned by IANA.
Have a look here https://www.google.dk/url?sa=t&source=web&rct=j&url=http://www.iana.org/assignments/protocol-numbers...
This is logged correctly.
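An added example, not part of the thread: one way to summarise exported block events into rule candidates so that port-less protocols such as "PROTO 1" show up as protocol-only entries instead of rows with empty ports. The `firewall_protocol` field and the "PROTO 1" value come from the question; the `src`, `dst` and `dst_port` field names and all sample records are assumptions constructed for illustration.

```python
from collections import Counter

# Small subset of the IANA "Assigned Internet Protocol Numbers" registry.
IANA_PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP",
                  47: "GRE", 50: "ESP", 58: "IPv6-ICMP"}
PORT_BASED = {"TCP", "UDP"}  # only these carry port numbers in a rule

def normalize_protocol(value):
    """Turn 'PROTO 1', '1' or 'tcp' into a protocol name."""
    text = value.strip().upper()
    if text.startswith("PROTO"):
        text = text[len("PROTO"):].strip()
    if text.isdigit():
        return IANA_PROTOCOLS.get(int(text), f"IP-PROTO-{text}")
    return text

def candidate_rules(events):
    """Count blocked flows per (source, destination, protocol, port)."""
    counts = Counter()
    for ev in events:
        proto = normalize_protocol(ev["firewall_protocol"])
        # Protocols without ports are matched on protocol alone.
        port = (ev.get("dst_port") or None) if proto in PORT_BASED else None
        counts[(ev["src"], ev["dst"], proto, port)] += 1
    return counts

def describe(counts):
    """Render the candidates, most frequently blocked flow first."""
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0][2]))
    lines = []
    for (src, dst, proto, port), n in ordered:
        service = f"{proto}/{port}" if port else f"{proto} (no ports)"
        lines.append(f"{n}x {src} -> {dst} {service}")
    return lines

# Constructed sample records (documentation addresses, assumed field names).
SAMPLE_EVENTS = [
    {"src": "192.0.2.10", "dst": "198.51.100.20", "firewall_protocol": "TCP", "dst_port": "443"},
    {"src": "192.0.2.10", "dst": "198.51.100.20", "firewall_protocol": "PROTO 1", "dst_port": ""},
    {"src": "192.0.2.10", "dst": "198.51.100.20", "firewall_protocol": "PROTO 1", "dst_port": ""},
    {"src": "192.0.2.10", "dst": "198.51.100.20", "firewall_protocol": "PROTO 47", "dst_port": ""},
]

if __name__ == "__main__":
    print("\n".join(describe(candidate_rules(SAMPLE_EVENTS))))
```

A rule built from a protocol-only candidate can stay scoped to the specific source and destination and that single protocol, rather than allowing all traffic between the two.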