Still at lowest end of learning curve and have found that I am getting 80+ firewall violations reported daily and 0 prevention statistics.
I am very concerned that I have something wrong with my protection and seek help in identifying where to look and how to fix please.
Many thanks to both Dirk and Amodin for putting my mind at rest.
I don't really understand what you are asking about/concerned about. Are you seeing IPS violations, dropped destination/source hosts and thinking this is an issue? Is it web traffic being blocked/reported?
Can you copy/paste the log to which you are referring, and/or click and drag a screenshot into the reply window so we can see what you are specifically referring to?
UTM - 9.711 | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Hi and thanks for the reply.
The screenshot is what is worrying me and I have no idea where the problem lies.
I can copy and paste the log but I shall need some guidance on which log please.
Firewall-violations are ok.
Here all packets are counted that you don't allow to pass the firewall.
Even if you use an "any - any - any" rule you will see/count dropped packets. These may be broadcasts or packets directed to interface-IP of the firewall.
If your services are available without problems, you can ignore the dropped packets / Firewall-violations (we have multiple hundred per minute at the company).
You can open the firewall-live-log and take a look at the allowed/dropped packets. You may post these logs if there are questions.
PS: IPS-violations = 0 is good too.
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
This is normal and showing you the UTM is doing its job.
I did have one minor problem with the second WAN connection as the configuration options which Dirk linked me to are not quite as I find on the UTM.
Rather than set the second WAN connection as a fallback if my main connection fails I have set the percentage 90% to 10% between primary and secondary connection and will see how I get on. May need to tweak a bit.
Meanwhile my thanks to all,