Question about viewing/monitoring external connections and activity
lostbackups Newbie ✭
I have a Sonicwall NSM 3600 with IDS/IPS enabled and logging as well as NSM Advanced hosted.
I am just curious why I can't seem to find any log information for certain activity. The activity is as follows:
- User from within the network/behind the Sonicwall goes to a website, example: www.sonicwall.com (which resolves to 188.8.131.52. When I go to INVESTIGATE -- Connection Logs and search "sonicwall.com" or "184.108.40.206", nothing comes up. I can also not find it in NSM.
- I perform an intense port scan with zenmap from my laptop using an alternate WAN IP (such as hotspot to ensure the traffic is not coming from within my network) such as 220.127.116.11 (only an example IP). When I go to INVESTIGATE -- Connection Logs and search "18.104.22.168", I don't see anything.
Yes, I am aware that I can enable the network monitor but that is not ideal to leave running 24/7. Doesn't the Sonicwall still log all connections and activity that his the WAN IPs?
Category: Mid Range Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Correction - I meant to say I have a NSA 3600
What log are you looking at, on NSM or on the device itself?
Have you enabled/adjusted all log settings?