Types of Traffic
When enabled, traffic logs are generated whenever traffic hits a rule. These logs record information about incoming and outgoing traffic, including the source and destination IP addresses, port numbers, and protocols used. Logs can be incredibly useful to audit the network: monitor activity, investigate potential security breaches, or simply keep an eye on what is happening with your firewall. Traffic visibility can be enabled at any time, but we strongly recommend enabling it immediately after onboarding a cloud service provider account and assigning a gateway policy.
Enabling traffic visibility is a different process for every cloud account type, but typically you will need to identify account characteristics such as your cloud account's region, the VPC/VNet that you want to monitor, network security groups, and a cloud storage account for logs.
If you did not onboard an account with the Easy Setup wizard, or if you did not enable traffic visibility from the Easy Setup wizard, we strongly recommend enabling the following logs:
- NSG Flow Logs
- VPC Flow Logs
- DNS Logs
- Route53 Query Logging
Note: You can download logs for flows and events. In the Time Range section, select a time range and click the download icon. A maximum of 10,000 records are downloaded in a single instance. You will need to repeat the step to download larger sets of records.