Baseline retention
On a gateway running the basic firewall — that is, without Advanced Security or HIPAA BAA features enabled — the system keeps modest inbound logs, basic reporting data, and a limited record of LAN device activity (the list of devices currently or recently present on the LAN, plus traffic records).
How long these logs survive before they wrap depends on the volume of traffic at the site. In typical small-business deployments the window is a few weeks up to roughly two months.
Probe and attack records
- Detailed records of probes and attack sources are retained for two to three weeks.
- Consolidated records of the same activity are rolled into round-robin databases at progressively coarser granularity, which hold the data for up to one year.
This gives short-term incident detail for investigation alongside longer-term trend visibility, without the storage cost of keeping every packet record indefinitely.
With Advanced Security
Turning on Advanced Security increases the level of detail captured in the logs. The most visible difference is that malicious threats detected and blocked by Threat Analysis are recorded with significantly more context than the basic firewall captures on its own.
With HIPAA compliance
Adding HIPAA compliance on top of Advanced Security raises the bar again. Both inbound and outbound traffic are logged in more detail, connection statistics are recorded, and the audit trail meets the expectations set by the HIPAA Security Rule for activity logging on systems that handle EPHI.