Types of Traffic

When enabled, traffic logs are generated whenever traffic hits a rule. These log interactions record information about incoming and outgoing traffic, including the source and destination IP addresses, port numbers, and protocols used. Logs can be incredibly useful to audit the network: monitor activity, investigate potential security breaches, or simply keep an eye on what is happening with your firewall. Traffic visibility can be enabled at any time but we strongly recommend enabling traffic immediately after onboarding a cloud service provider account and assigning a gateway policy.

Enabling traffic visibility is a different process for every cloud account type, but typically you will need to identify account characteristics such as your cloud account's region, VPC/VNet you want to monitor, network security groups, and a cloud storage account for logs.

If you did not onboard an account with the Easy Setup wizard or if you did not enable traffic visibliilty from the Easy Setup wizard, we strongly recommend enabling the following logs:

• NSG Flow Logs

• VPC Flow Logs

• DNS Logs

• Route53 Query Logging