How do I stop alerts for a single host?
I have a TZ 670 running the latest 7.0x firmware and I get frequent alerts about a possible port scan from a machine in my DMZ. I understand the cause of the traffic, and do not want to see hourly (or more frequent) alerts as it makes it a lot harder to sift through to see if an actual issue demands my attention. I don't want to turn off all port scan alerts, but I would like to stop getting alerts for that particular IP for this.
Is there a way to add an exclusion for that particular host, but still see any other hosts that would trigger the alert?
Best Answer
BWC Cybersecurity Overlord ✭✭✭
@erenouf you can't; the only option is to feed an external syslog with the events and do the alerting over there.
This was discussed in the past:
https://community.sonicwall.com/technology-and-support/discussion/5488/port-scan-detected-how-to-whitelist
—Michael@BWC
0
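The approach from the answer above, as an added example that is not part of the original thread or any SonicWall tooling: a filter run on the external syslog receiver that holds back port-scan alerts from one host and still raises them for every other source. The host address `10.10.0.5`, the function names and the simplified key=value line layout are assumptions, and the sample lines are constructed.

```python
import ipaddress
import re

# Constructed sample events in a simplified key=value syslog layout (assumed).
SAMPLE_LINES = [
    '<129>id=firewall time="2024-01-01 10:00:00" fw=192.0.2.1 pri=1 '
    'msg="Possible port scan detected" n=1 src=10.10.0.5:51000:X2 dst=198.51.100.9:443:X1',
    '<129>id=firewall time="2024-01-01 10:00:05" fw=192.0.2.1 pri=1 '
    'msg="Possible port scan detected" n=2 src=10.10.0.77:40022:X2 dst=198.51.100.9:22:X1',
    '<134>id=firewall time="2024-01-01 10:00:09" fw=192.0.2.1 pri=6 '
    'msg="Connection Opened" n=3 src=10.10.0.5:51001:X2 dst=198.51.100.9:80:X1',
    '<129>id=firewall time="2024-01-01 10:00:12" fw=192.0.2.1 pri=1 '
    'msg="Possible port scan detected" n=4 src=unknown dst=198.51.100.9:443:X1',
]

# Hypothetical DMZ host whose scan traffic is understood and expected.
SUPPRESSED_HOSTS = {ipaddress.ip_address("10.10.0.5")}

FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_fields(line):
    """Parse key=value pairs, keeping quoted values (msg, time) intact."""
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in FIELD_RE.findall(line)}


def triage(lines, suppressed_hosts=SUPPRESSED_HOSTS):
    """Split port-scan events into (alerts, suppressed); other events are skipped."""
    alerts, suppressed = [], []
    for line in lines:
        fields = parse_fields(line)
        if "port scan" not in fields.get("msg", "").lower():
            continue
        try:
            # src is assumed to be ip:port:interface (IPv4 only in this sketch).
            src = ipaddress.ip_address(fields.get("src", "").split(":")[0])
        except ValueError:
            alerts.append(line)  # unparsable source: alert rather than hide it
            continue
        (suppressed if src in suppressed_hosts else alerts).append(line)
    return alerts, suppressed


if __name__ == "__main__":
    alerts, suppressed = triage(SAMPLE_LINES)
    print(f"{len(alerts)} to alert on, {len(suppressed)} suppressed but retained")
```

Suppressed events are returned rather than discarded, so they stay in the log store for later review even though they no longer page anyone.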