Network Protection Firewall Violations - Where am I going wrong and how to fix

Still at lowest end of learning curve and have found that I am getting 80+ firewall violations reported daily and 0 prevention statistics.

I am very concerned that I have something wrong with my protection and seek help in identifying where to look and how to fix please.

Budge.



  • I don't really understand what you are asking about/concerned about.  Are you seeing IPS violations, dropped destination/source hosts and thinking this is an issue?  Is it web traffic being blocked/reported?  

    Can you copy/paste the log to which you are referring, and/or click and drag a screenshot into the reply window so we can see what you are specifically referring to?

    UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • Hi and thanks for the reply.

    The screenshot is what is worrying me and I have no idea where the problem lies.

    I can copy and paste the log, but I shall need some guidance on which log please.

  • Firewall violations are OK.

    Here all packets are counted that you don't allow to pass the firewall.

    Even if you use an "any - any - any" rule you will see/count dropped packets. These may be broadcasts or packets directed to an interface IP of the firewall.

    If your services are available without problems, you can ignore the dropped packets / firewall violations (we have several hundred per minute at the company).

    You can open the firewall live log and take a look at the allowed/dropped packets. You may post these logs if there are questions.

    PS: IPS violations = 0 is good too.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
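Added example, not from the thread or from Sophos: a small Python triage over constructed UTM-style firewall log lines (the key="value" layout of the packetfilter log) that sorts dropped packets into the buckets Dirk describes, broadcasts/multicast, packets aimed at the firewall's own interface IP, and the remainder that is worth a look. The field names, interface addresses and local subnet are assumptions for this example.

```python
import re
from ipaddress import ip_address, ip_network
from collections import Counter

# Constructed sample lines in the key="value" style of the UTM packetfilter log.
# The field set is an assumption modelled on that log; these are not real captures.
SAMPLE_LOG = """\
ulogd[4711]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="192.168.1.50" dstip="192.168.1.255" proto="17" srcport="137" dstport="137"
ulogd[4711]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="203.0.113.9" dstip="192.168.1.10" proto="6" srcport="51234" dstport="445"
ulogd[4711]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="192.168.1.20" dstip="239.255.255.250" proto="17" srcport="1900" dstport="1900"
ulogd[4711]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="192.168.1.50" dstip="192.168.1.1" proto="6" srcport="49152" dstport="8080"
ulogd[4711]: id="2002" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="eth1" srcip="192.168.1.50" dstip="1.1.1.1" proto="17" srcport="5353" dstport="53"
"""

# Addresses of the UTM's own interfaces (assumed values for this example).
INTERFACE_IPS = {"192.168.1.1", "198.51.100.2"}
# Local subnets, used to recognise directed broadcasts (assumed).
LOCAL_NETS = [ip_network("192.168.1.0/24")]

KV = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Turn one key="value" log line into a dict of its fields."""
    return dict(KV.findall(line))

def classify_drop(fields):
    """Bucket a dropped packet as Dirk's reply describes: expected noise vs. worth a look."""
    dst = ip_address(fields["dstip"])
    if dst.is_multicast or str(dst) == "255.255.255.255":
        return "broadcast/multicast"
    if any(dst == net.broadcast_address for net in LOCAL_NETS):
        return "broadcast/multicast"
    if str(dst) in INTERFACE_IPS:
        return "to-interface-ip"
    return "review"

def triage(log_text):
    """Count dropped packets per bucket; accepted packets are not violations and are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("action") != "drop":
            continue
        counts[classify_drop(fields)] += 1
    return counts
```

Only the "review" bucket (here, an external host trying to reach an internal machine) needs a closer look; the other two are the normal drops the violation counter reports even with a permissive ruleset.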

  • This is normal and showing you the UTM is doing its job.  

    UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • Many thanks to both Dirk and Amodin for putting my mind at rest. 

    I did have one minor problem with the second WAN connection, as the configuration options which Dirk linked me to are not quite as I find them on the UTM.

    Rather than set the second WAN connection as a fallback if my main connection fails, I have set the percentages to 90% and 10% between the primary and secondary connections and will see how I get on. I may need to tweak it a bit.

    Meanwhile my thanks to all,

    Budge.