Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Subscribers 5 subscribers
  • Views 3296 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Protection Firewall Violations - Where am I going wrong and how to fix

Budgie2

Still at lowest end of learning curve and have found that I am getting 80+ firewall violations reported daily and 0 prevention statistics.

I am very concerned that I have something wrong with my protection and seek help in identifying where to look and how to fix please.

Budge.



This thread was automatically locked due to age.
Parents
  • 0

    I don't really understand what you are asking about/concerned about.  Are you seeing IPS violations, dropped destination/source hosts and thinking this is an issue?  Is it web traffic being blocked/reported?  

    Can you copy/paste the log in which you are referring, and/or click and drag a screenshot into the reply window so we can see what you are specifically referring to?

    PFSense Plus 23.05 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | Fiber Conn (awaiting ATT Fiber)
    (Former Sophos UTM Veteran, XG Rookie)

  • 0 in reply to Amodin

    Hi and thanks for the reply.

    The screenshot is what is worrying me and I have no idea where the problem lies.

    I can copy and past log but I shall need some guidance on which log please

  • 0 in reply to Budgie2

    Firewall-violations are ok.

    Here are all packets counted, you don't allow passing the firewall.

    Even if you use an "any - any - any" rule you will see/count dropped packets. These may be broadcasts or packets directed to interface-IP of the firewall.

    if your services are available .. without problems ... you can ignore the dropped packets / Firewall-violations (we have multiple hundred per minute at the company)

    You can open the firewall-live-log and take a look to the allowed/dropped packets. You may post these logs if there are questions.

    PS: IPS-violations = 0  is good too.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Reply
  • 0 in reply to Budgie2

    Firewall-violations are ok.

    Here are all packets counted, you don't allow passing the firewall.

    Even if you use an "any - any - any" rule you will see/count dropped packets. These may be broadcasts or packets directed to interface-IP of the firewall.

    if your services are available .. without problems ... you can ignore the dropped packets / Firewall-violations (we have multiple hundred per minute at the company)

    You can open the firewall-live-log and take a look to the allowed/dropped packets. You may post these logs if there are questions.

    PS: IPS-violations = 0  is good too.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

Children
No Data
Unfiltered HTML