Unable to monitor Web Activity
Best Answer
BWC Cybersecurity Overlord ✭✭✭
We're getting close, any hits on these CFS Rules?
Did you check in your Content Filter Actions Objects that "Enable Flow Reporting" is configured?
—Michael@BWC
Answers
Have you enabled "/Device/AppFlow/Flow Reporting"?
As you can see, Sir, AppFlow is enabled.
Did you turn on AppFlow reporting for the interface on which you want statistics captured/generated?
Review this KB article for details:
https://www.sonicwall.com/support/knowledge-base/enabling-the-real-time-monitor-and-appflow-collection-in-sonicos-enhanced/170503566814827
Yes, I have enabled flow reporting on interface X0, which is my LAN, as you can see in the screenshot below.
@alijan125 do you have CFS (with DPI-SSL) enabled? Otherwise Web Activity will be left blank, even if App Flow is enabled.
—Michael@BWC
Sir, I have enabled CFS as shown in the screenshot below.
Also sharing screenshots of DPI-Client SSL & Server SSL. Please guide me on what's wrong.
Do you have the Content Filter Rule enabled as well? HTTPS traffic might not be visible without Client DPI-SSL enabled.
—Michael@BWC
Yes Sir, the Content Filter Rule is enabled.
Please check under Policy → Rules and Policies → Content Filter Rules that there is a rule enabled and whether the Hit Count statistics show any hits.
—Michael@BWC
Sir, I found the rules as shown above.
Sir, I turned on DPI-Client SSL as shown below, but Web Activity is still empty.
After enabling DPI Client SSL, I am still getting a blank Web Activity, as shown below.
Did you check the following?
Keep in mind that QUIC will not be checked against CFS and therefore not visible in Web Activity. You can force HTTP2 by dropping all udp/443 traffic from ANY to WAN.
—Michael@BWC
Sir, in Content Filter Rules I found 4 rules. Can you please help me with what I should do? I am not good enough in this regard and am feeling a little confused. Please, Sir, guide me step by step so I can easily solve my problem. I have shared all the screenshots. I did not understand forcing HTTP2 by dropping all udp/443 traffic from ANY to WAN. In the last Content Filter Rule, the LAN to WAN zones are defined.
Sir, I found the CFS default action in the last CFS rule, LAN to WAN.
Sir, I found flow reporting disabled in the CFS rules. How can I enable it? Please guide me, Sir.
Sir, I enabled flow reporting in Object-Action Objects-Content Filter Action-Enabled Flow reporting. Now I am able to see Web Activity, Sir. Thanks for your great help. God bless you, Sir.
I'm glad that you found the final needle in the haystack and I was able to guide you through it.
Take care and have a great start into 2025.
—Michael@BWC
Did you check in your Content Filter Actions Objects that "Enable Flow Reporting" is configured?
No Sir, there was an issue that Flow reporting was not configured. Great help, Sir. I am once again thankful, Sir.
Sir, how can I identify the users who are using the websites shown in Web Activity?
You need to set up SSO to have your Firewall identify each user behind your LAN IPs. Usergroup Everyone should work in the CFS Policy for Included users.
Use this guide for orientation
https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-cfs-policies-with-ldap-and-sso-to-restrict-internet-access-on-cfs/170505721991619
—Michael@BWC
Thanks, Sir, for the valuable information.