filter

mrshahin

Hi,

can someone help me with creating a log filter so I can see which ports are getting through our firewall in direction of a internal server?

I have create a rule that should allow only port 5061 of a internal server being reached from a group of public IPs.

The vendor that I have create the rule for, saying that many other ports get through our Sonicwall and they had to drop those ports by using the firewall on their device.

Any suggestion?

Saravanan

@MRSHAHIN - Leave the source and destination ports field empty. You can put the IP addresses in question to either source IP or destination IP address fields as per the scenario. If its outbound direction, capture the traffic based on destination IP and it its inbound direction, capture the traffic based on source IP address.

TKWITS

You should be looking at using the Packet Monitor, not necessarily the logs.

https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627/

mrshahin

Hi @TKWITS thank you for your reply,

You are right, I mean Packet monitor :)

I have create a monitor filter and want to know all incoming ports from 2 IP's, should we use 1024-65353 for the source ports or we should just leave it empty?

Thanks