Thread Info
  • State Verified Answer
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 411 views
  • Users 0 members are here
Options
Suggested

Network Protection Firewall Violations - Where am I going wrong and how to fix

Budgie2
1 month ago

Still at lowest end of learning curve and have found that I am getting 80+ firewall violations reported daily and 0 prevention statistics.

I am very concerned that I have something wrong with my protection and seek help in identifying where to look and how to fix please.

Budge.

Parents
  • 0 1 month ago

    I don't really understand what you are asking about/concerned about.  Are you seeing IPS violations, dropped destination/source hosts and thinking this is an issue?  Is it web traffic being blocked/reported?  

    Can you copy/paste the log in which you are referring, and/or click and drag a screenshot into the reply window so we can see what you are specifically referring to?

    UTM - 9.708 | Intel i3-4150 4th Gen Processor
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

Reply
  • 0 1 month ago

    I don't really understand what you are asking about/concerned about.  Are you seeing IPS violations, dropped destination/source hosts and thinking this is an issue?  Is it web traffic being blocked/reported?  

    Can you copy/paste the log in which you are referring, and/or click and drag a screenshot into the reply window so we can see what you are specifically referring to?

    UTM - 9.708 | Intel i3-4150 4th Gen Processor
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

Children
  • 0 1 month ago in reply to Amodin

    Hi and thanks for the reply.

    The screenshot is what is worrying me and I have no idea where the problem lies.

    I can copy and past log but I shall need some guidance on which log please

  • 0 1 month ago in reply to Budgie2

    Firewall-violations are ok.

    Here are all packets counted, you don't allow passing the firewall.

    Even if you use an "any - any - any" rule you will see/count dropped packets. These may be broadcasts or packets directed to interface-IP of the firewall.

    if your services are available .. without problems ... you can ignore the dropped packets / Firewall-violations (we have multiple hundred per minute at the company)

    You can open the firewall-live-log and take a look to the allowed/dropped packets. You may post these logs if there are questions.

    PS: IPS-violations = 0  is good too.

    Dirk

    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 1 month ago in reply to Budgie2

    This is normal and showing you the UTM is doing its job.  

    UTM - 9.708 | Intel i3-4150 4th Gen Processor
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • +1 1 month ago in reply to Amodin

    Many thanks to both Dirk and Amodin for putting my mind at rest. 

    I do had one minor problem with the second WAN connection as the configuration options which Dirk linked me to are not quite as I find on the UTM. 

    Rather than set the second WAN connection as a fallback if my main connection fails I have set the percentage 90% to 10% between primary and secondary connection and will see how I get on.  May need to tweak a bit.

    Meanwhile my thanks to all,

    Budge.   

Unfiltered HTML