Menu

Cheeseman

Newbie ✭
Default Avatar

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

Cheeseman Newbie ✭

Badges (2)

Name DropperFirst Comment
See More

Reactions

0 Promote 0 Helpful 0 Like 0 Spam 0 Abuse

Comments

  • Support got in touch with me and explained that this behaviour is normal. See closing comments below. Problem Description : query on log messages on firewall Action/Analysis : Closed Impact : no impact Data: Customer is noticing CONNECTION OPEN logs for rules which has DENY action informed the customer that for every…
    in False positive or not - NSA2650 and Rapid7 SIEM Comment by Cheeseman August 2021
  • @DaleWest What was the result of the support session? Were the connections dropped on 'Connection Opened' or were they making it through? I've posted a similar question. https://community.sonicwall.com/technology-and-support/discussion/2805/false-positive-or-not-nsa2650-and-rapid7-siem
    in Stealth mode and 'connection opened' in NSA 3600 event logs Comment by Cheeseman July 2021
  • I had not seen that discussion... pretty much exactly what I'm asking here, it's a shame they never came back with the results from the support session! Looks like I'll have to raise a ticket as it doesn't seem to be straightforward. Thank you.
    in False positive or not - NSA2650 and Rapid7 SIEM Comment by Cheeseman July 2021