Is there a way to investigate the VPN disconnect between Astaro SG210 and SonicWall TZ105?
The logs indicate VPN connection established; but did not notice VPN disconnect or WAN port disconnect.
Hi All,
I am new to the Sophos UTM product and a junior network technician, please forgive my ignorance if I haven't explained something correctly as I am still learning and I am not an expert by any means.
I have set up a home lab and use the Sophos…
Problem with that is it doesn't expose all dropped traffic through the log viewer so it's kind of useless in this scenario.
Next version has a colour coded, pop out log viewer apparently so are holding out for that.
Hi
This question is from 2008 but I'm facing the same issue with multi searches in the logs for my WebFilter.
I'm trying to look for a bunch of Indicator of Compromise (IOC) domains for the past year.
I tried the suggestion here https://www.sophos…
Posting this here if anyone wants to point their UTM logs to a remote logstash/elasticsearch instance. This is a working sample logstash.conf file.
I pointed my remote logging to my logstash server on port 5140. This works for all of the UTM log types…
Hi there!
We have dozens of clients with UTMs, quite a few of which are using terminal servers. I've managed to integrate the UTM with AD, but can't think of, or find, any way to monitor user activity on the UTM.
By this, I mean we want to be able to…
I understand that Sophos UTM 9 can send logs via syslog or SNMP. I'm looking to set up external logging; high level idea in image below.
Currently I'm looking at either Splunk or ELK (Elasticache + LogStash + Kibana). Note that I cannot use a managed…
Hi,
I have a simple configuration consisting of a local network behind a Sophos UTM which is connected to an ISP.
If I try to do a DNS lookup for powerwatch.pw on the client on the local network (UTM is DNS server for this network) I get only a "request…
So, the Daily Executive Report has a fair amount of "unclassified" traffic. Is there anything I could do to determine what this traffic is without staring at the log all day? Where if any documentation would allow me to understand this better? The utm9351…
Hi All,
Is it possible to disable firewall logging for some specific hosts or networks? I have some hosts that are trying to connect to external ports that I'm blocking (Honeywell services), and that's generating a lot of logging. I would like to not…
Hi,
After configuring the user portals on the SG310 UTM 9, the users' names appeared once in the reporting and logging under the web protection, and now it's just IPs.
The setup of the Authentication services: Create user automatically for the web filter…
I've just found out from the training the following:
The logs are stored in a first in first out (FIFO) cache, with up to 1,100 logs per module being stored. When the cache for a module reaches this limit, the first 100 logs are deleted. The cache is…
Hi, I installed the UTM Software on an apu1d4.
It works quite well so far but there are two things that bother me.
First thing is the data disk. I have a 16GB msata installed in the system but the UTM installer didn't use all of the space.
Especially…
Hello all,
I've been searching everywhere for this, maybe someone here has more insight than I'm able to find.
I have a UTM 9, version 9.315-2. I noticed from the executive report that I have a bandwidth hog that I wanted to dig deeper into. Problem…