Still at lowest end of learning curve and have found that I am getting 80+ firewall violations reported daily and 0 prevention statistics.
I am very concerned that I have something wrong with my protection and seek help in identifying where to look and how to fix please.
I don't really understand what you are asking about/concerned about. Are you seeing IPS violations, dropped destination/source hosts and thinking this is an issue? Is it web traffic being blocked/reported?
Can you copy/paste the log in which you are referring, and/or click and drag a screenshot into the reply window so we can see what you are specifically referring to?
UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SATA HDD | GB Ethernet x5
Hi and thanks for the reply.
The screenshot is what is worrying me and I have no idea where the problem lies.
I can copy and past log but I shall need some guidance on which log please
Firewall-violations are ok.
Here are all packets counted, you don't allow passing the firewall.
Even if you use an "any - any - any" rule you will see/count dropped packets. These may be broadcasts or packets directed to interface-IP of the firewall.
if your services are available .. without problems ... you can ignore the dropped packets / Firewall-violations (we have multiple hundred per minute at the company)
You can open the firewall-live-log and take a look to the allowed/dropped packets. You may post these logs if there are questions.
PS: IPS-violations = 0 is good too.
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum PartnerSophos Solution Partner since 2003 If a post solves your question, click the 'Verify Answer' link at this post.