How/why are settings changed automatically?
davetapley
Newbie ✭
I have a TZ300 and dump its config with `export current-config cli` to compare it with a version I keep in version control.
Intermittently something in the config changes, and it's not me changing it.
E.g. most recently `log-monitor redundancy-interval` was changed from 0 to 300.
Category: Firewall Management and Analytics
0
Answers
Are firmware updates being applied? Is the firewall managed by GSM / CSC / NSM? Are there other admins accessing the unit?
No other admins. What are GSM / CSC / NSM?
Hi @DAVETAPLEY,
Thank you for visiting SonicWall Community.
GMS/CSC/NSM are management tools to administrator single or multiple firewalls from a single tool. If you are using any of such tools along with the firewall, then there is a possibility of settings change happening in the firewall. The setting change doesn't happen automatically from these management tools unless administrator performs an action.
May be you have to tweak the log settings on the SonicWall for better and precise audits if you find there are no management tools involved.
Regards
Saravanan V
Technical Support Advisor - Premier Services
Professional Services
Okay I can confirm we are not using GMS/CSC/NSM.
Some more configuration has added itself since my last post, if that gives any clues. Here are some examples:
no enforce-http-host-check
no management fqdn-assignment
log category Log group AWS
log category Log group AWS event "AWS Log export Failed"
log category Users group "Authentication Access" event "User is now locked out"
Hi @davetapley
You can check the "Auditing records" in Firewall for the configuration changes record. It will give you the details since the last reboot.
Navigate to Log-->Auditing Records.
More more info: please see the KB: