Syslog is not consistently triggered by the firewall when accessing websites

Description

This article describes a solution to the scenario in which the firewall Syslog settings are configured to send message id 97 (Syslog website accessed) to a Syslog server but the trigger is not consistent, meaning it is kind of hit-miss, although the settings are properly done.


Cause

This is caused  by CFS Fast Scan being enabled which will just scan the first HTTP request inside one connection if possible

Resolution

In order to generate all the syslog events you will need to disable CFS Fast Scan option from the diag page


                                               Image

NOTE: Please be aware that his may cause extra CPU utilization as it will not bypass for fast scan anymore and in addition it will generate more Syslog Events

Related Articles

  • How to block ICMP (Ping ) using Application control
    Read More
  • SonicWall GEN8 TZ and NSa Firewalls FAQ
    Read More
  • How to configure Link Aggregation
    Read More

Categories

Firewalls
NSa Series
Firewalls
TZ Series
not finding your answers?
Ask the Community