https://community.sophos.com/utm-firewall/f/management-networking-logging-and-reporting/131554/network-protection-firewall-violations---where-am-i-going-wrong-and-how-to-fixStill at lowest end of learning curve and have found that I am getting 80+ firewall violations reported daily and 0 prevention statistics. I am very concerned that I have something wrong with my protection and seek help in identifying where to looken-USTelligent Community 12https://community.sophos.com/thread/483744?ContentTypeID=1Sat, 04 Dec 2021 17:58:56 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:6207b032-e54e-4db0-96b9-ff56419ad1d6Budgie2<p>Many thanks to both Dirk and Amodin for putting my mind at rest.&nbsp; </p> <p>I do had one minor problem with the second WAN connection as the configuration options which Dirk linked me to are not quite as I find on the UTM.&nbsp;</p> <p>Rather than set the second WAN connection as a fallback if my main connection fails I have set the percentage 90% to 10% between primary and secondary connection and will see how I get on.&nbsp; May need to tweak a bit.</p> <p></p> <p>Meanwhile my thanks to all,</p> <p>Budge.&nbsp; &nbsp;</p><div style="clear:both;"></div>https://community.sophos.com/thread/483743?ContentTypeID=1Sat, 04 Dec 2021 17:19:41 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:ad9c6312-363d-4a27-898b-3e52214bb766Amodin<p>This is normal and showing you the UTM is doing its job.&nbsp;&nbsp;</p><div style="clear:both;"></div>https://community.sophos.com/thread/483737?ContentTypeID=1Sat, 04 Dec 2021 16:18:26 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:cdc97c59-9b45-4c3d-b101-8b2987823145dirkkotte<p>Firewall-violations are ok.</p> <p>Here are all packets counted, you don&#39;t allow passing the firewall.</p> <p>Even if you use an &quot;any - any - any&quot; rule you will see/count dropped packets. These may be broadcasts or packets directed to interface-IP of the firewall.</p> <p>if your services are available .. without problems ... you can ignore the dropped packets / Firewall-violations (we have multiple hundred per minute at the company)</p> <p>You can open the firewall-live-log and take a look to the allowed/dropped packets. You may post these logs if there are questions.</p> <p>PS: IPS-violations = 0&nbsp; is good too.</p><div style="clear:both;"></div>https://community.sophos.com/thread/483730?ContentTypeID=1Sat, 04 Dec 2021 10:20:07 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:aa23f67c-37c0-48db-af19-fd296abfad7eBudgie2<p>Hi and thanks for the reply.</p> <p>The screenshot is what is worrying me and I have no idea where the problem lies.</p> <p>I can copy and past log but I shall need some guidance on which log please</p> <p><img src="/resized-image/__size/640x480/__key/communityserver-discussions-components-files/53/pastedimage1638612959029v1.png" alt=" " /></p><div style="clear:both;"></div>https://community.sophos.com/thread/483717?ContentTypeID=1Fri, 03 Dec 2021 20:18:26 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:7d49846b-7826-4186-a71b-009a101b9e0bAmodin<p>I don&#39;t really understand what you are asking about/concerned about.&nbsp; Are you seeing IPS violations, dropped destination/source hosts and thinking this is an issue?&nbsp; Is it web traffic being blocked/reported?&nbsp;&nbsp;</p> <p>Can you copy/paste the log in which you are referring, and/or click and drag a screenshot into the reply window so we can see what you are specifically referring to?</p><div style="clear:both;"></div>