How to enable Firewall alerts in the Capture Client Endpoint Devices?

Description

SonicOS 6.5.4.5 provides a new option to enable push notifications from the firewall to the Capture Client endpoint when a connection is blocked or traffic is dropped due to actions by other SonicWall security services. 

Resolution

1. To enable Firewall Alerts, log in to your SonicWall firewall and go to the Manage | Security Services | Client AV Enforcement page.

These alert notifications provide a summary of the event containing the following information:

  • Timestamp
  • Source IP/Port
  • Destination IP/Port
  • Category:
    • App Control
    • Botnet
    • Geo-IP Filter
    • Content Filter Service
    • Gateway Anti-Virus
    • Anti-Spyware
    • Capture ATP

Example of the alerts displayed in the Capture Client endpoint:


2. Enable Debug logs in the Capture Client to see the firewall alerts in the logs:

Right-click the Capture Client icon on the endpoint device and select Preferences | Debug Logging.


To pull debug logs, double-click the Capture Client icon. Under the DIAGNOSTICS | Logs tab, click View Logs.


Can I disable the alert messages in the endpoint, but keep logging the drops from the firewall?

Yes, you can. It has to be done on each PC. On Windows machines, go to the Notifications and actions settings and disable/hide notifications for Capture Client.


