Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Network monitor through VPN causing high log entries.

I have TZ series firewalls setup in a hub and spoke VPN.

The hub lan has a network monitor that pings remote network addresses through the VPNs.

This is causing a high volume of IPS 608 Log entries on the hub firewall. At least one for each ping.

Is there any way to keep from getting these log entries for this activity over the VPN only?

Category: Firewall Security Services
Reply

Best Answer

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @ASIRWA you might disable logging for low prio events all along or you exclude the ip of your nework monitor for the signatures ICMP PING and ICMP Echo Reply.

    --Michael@BWC

  • ASIRWAASIRWA Newbie ✭

    The 608 ID is an ALERT level event. Which is generally appropriate for Intrusion Protection System.

    Can you point me to the documentation on how to "exclude the ip of your network monitor for the signatures ICMP PING and ICMP Echo Reply"? That sounds much more like what I want to do. Just exclude the known legitimate traffic.


    Thanks.

  • ASIRWAASIRWA Newbie ✭

    Found the IPS exclude. Trying it.

Sign In or Register to comment.