Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Understanding BotNet Report and Researching Deeper

I just setup a new firewall on a network and

1.) I want to make sure there isn't something inside the network already

2. ) I want to understand if something outside is trying to get in, what action the firewall security services (FSS) took.

3.) I want to understand what "Remaining IPs" means

4.) I want to understand why my external IP is listed and has the biggest count

Attached is what I'm seeing (ips have been altered to protect the innocent and guilty)

Thank you in advance

Category: Firewall Security Services
Reply

Answers

  • Bill2024eBill2024e Newbie ✭

    I've tried to find more details about the items listed in that image but don't know where/how to dig in and find more. Looking in the logs I see some but not all of the botnet attempts. My expectation would be to see all of them.

  • ChojinChojin Enthusiast ✭✭

    same here…hopefully someone can answer these question

  • Bill2024eBill2024e Newbie ✭

    so "remaining IPs" means that there are too many IPs for the firewall to display (due to limits of the firewall's ability to "remember" - i.e. low memory/storage). You should be able to go to the logs and see the details. Personally, I'm using syslog to capture everything and building reports off that as the displays are pretty much useless.

Sign In or Register to comment.