Gateway AV and packet monitor

djhurt1 Enthusiast ✭✭
edited October 2021 in Mid Range Firewalls

We have client software that reaches out to an on-prem server for updates. Our TZ570 units are flagging the files as a virus per the cloud database. I've added an exception for one signature; now, a few days later, it's triggering via a different signature. When the update was failing, I initially did a packet monitor to see if it was indeed the firewall blocking. I eventually did a monitor of everything and searched the results. No dropped packets. However, going through the log monitor, there was a plethora of events logged pertaining to a transfer from server A to client B, with their specific IP addresses listed as src and dst accordingly. My question is why do these not show up in packet monitor as dropped? Only in the log monitor. I naively assumed the packet monitor looked at everything on all interfaces and captured accordingly.


Answers

  • djhurt1 Enthusiast ✭✭
    edited October 2021

    @TKWITS

    Interesting that you said that. In the end I did in fact end up setting a blanket exception for the server. Been trouble-free for a couple of days now.


    I guess the word dropped wasn't the best to use. I was hoping the packet monitor would somehow indicate that something was flagged with the packet since it does hit an interface but doesn't make it through to the DST.
