Question about viewing/monitoring external connections and activity
I have a Sonicwall NSM 3600 with IDS/IPS enabled and logging as well as NSM Advanced hosted.
I am just curious why I can't seem to find any log information for certain activity. The activity is as follows:
- User from within the network/behind the Sonicwall goes to a website, example: www.sonicwall.com (which resolves to 184.108.40.206). When I go to INVESTIGATE -- Connection Logs and search "sonicwall.com" or "220.127.116.11", nothing comes up. I also cannot find it in NSM.
- I perform an intense port scan with zenmap from my laptop using an alternate WAN IP (such as a hotspot, to ensure the traffic is not coming from within my network) such as 18.104.22.168 (only an example IP). When I go to INVESTIGATE -- Connection Logs and search "22.214.171.124", I don't see anything.
Yes, I am aware that I can enable the network monitor, but that is not ideal to leave running 24/7. Doesn't the Sonicwall still log all connections and activity that hit the WAN IPs?