I have a customer who is not licensed for Advanced Firewall but would like to verify if traffic is being blocked by their Default Firewall rule (block everything except DNS / HTTP / HTTPS)
What is the best way to achieve this? They do not have Firewall Insights, due to licensing.
Is there a way to see the blocked traffic within Web Insights?
No, But you can opt only log module license to see the logs.
Besides getting the standalone Logging license (which provides a dashboard in the UI), these logs can be exported via NSS and viewed in an external system.
Thanks for the feedback.
We will be working to get the NSS stood up and get these logs visible.
In the meantime, we were able to see the blocked Firewall traffic in the web logs using the filter “Blocked Policy Type and Name” and selecting “Firewall” for Type.