
How/why are settings changed automatically?

I have a TZ300 and dump its config with `export current-config cli` to compare it with a version I keep in version control.

Intermittently something in the config changes, and it's not me changing it.

E.g. most recently `log-monitor redundancy-interval` was changed from 0 to 300.


Answers

  • TKWITS Community Legend ✭✭✭✭✭

    Are firmware updates being applied? Is the firewall managed by GMS / CSC / NSM? Are there other admins accessing the unit?

  • Saravanan Moderator

    Hi @DAVETAPLEY,

    Thank you for visiting SonicWall Community.

    GMS/CSC/NSM are management tools to administer single or multiple firewalls from a single tool. If you are using any such tools along with the firewall, then there is a possibility of a settings change happening in the firewall. The settings change doesn't happen automatically from these management tools unless an administrator performs an action.

    Maybe you have to tweak the log settings on the SonicWall for better and more precise audits if you find there are no management tools involved.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • davetapley Newbie ✭

    Okay I can confirm we are not using GMS/CSC/NSM.

    Some more configuration has added itself since my last post, if that gives any clues. Here are some examples:

    ```
    no enforce-http-host-check
    no management fqdn-assignment
    log category Log group AWS
    log category Log group AWS event "AWS Log export Failed"
    log category Users group "Authentication Access" event "User is now locked out"
    ```
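The export-and-compare workflow from the question, as an added example (not code from the thread or from SonicWall): a Python script that classifies the differences between two exported configs as changed, toggled, added or removed. It assumes one setting per line and ignores any nesting in the export; the baseline text is constructed, and the current text reuses settings quoted in this thread.

```python
import shlex

# Constructed baseline: the thread does not show the earlier export.
BASELINE = """\
log-monitor redundancy-interval 0
enforce-http-host-check
"""
# Settings named in the thread, laid out as assumed one-per-line export text.
CURRENT = """\
log-monitor redundancy-interval 300
no enforce-http-host-check
no management fqdn-assignment
log category Users group "Authentication Access" event "User is now locked out"
"""

def tokens(line):
    try:
        return tuple(shlex.split(line))   # keeps quoted names as one token
    except ValueError:                    # unbalanced quote: plain split
        return tuple(line.split())

def settings(text):
    """Map tokenised setting -> original line, skipping blank lines."""
    return {tokens(ln): ln.strip() for ln in text.splitlines() if ln.strip()}

def strip_no(t):
    return t[1:] if t and t[0] == "no" else t

def kind(a, b):
    """How two differing lines relate, or None if they are unrelated."""
    x, y = strip_no(a), strip_no(b)
    if x == y:
        return "toggled"                  # same setting, 'no' prefix flipped
    if len(x) == len(y) > 1 and x[:-1] == y[:-1]:
        return "changed"                  # same setting, last token differs
    return None

def drift(baseline_text, current_text):
    old, new = settings(baseline_text), settings(current_text)
    fresh = [t for t in new if t not in old]
    report = []
    for g in (t for t in old if t not in new):
        f = next((f for f in fresh if kind(g, f)), None)
        if f is None:
            report.append(("removed", old[g], None))
        else:
            fresh.remove(f)
            report.append((kind(g, f), old[g], new[f]))
    return report + [("added", None, new[f]) for f in fresh]

if __name__ == "__main__":
    for entry in drift(BASELINE, CURRENT):
        print(entry)
```

Each reported entry can then be matched by time against the firewall's auditing records to see which admin session or event, if any, produced it.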

  • Ajishlal Community Legend ✭✭✭✭✭

    Hi @davetapley

    You can check the "Auditing records" in Firewall for the configuration changes record. It will give you the details since the last reboot.

    Navigate to Log-->Auditing Records.

    For more info, please see the KB:

