-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
How to enable Firewall alerts in the Capture Client Endpoint Devices?
06/03/2020 
3 People found this article helpful
475,201 Views
Description
SonicOS 6.5.4.5 provides a new option to enable push notifications from the firewall to the Capture Client endpoint when a connection is blocked or traffic is dropped due to actions by other SonicWall security services.
Resolution
1. To enabled Firewall Alerts, login in your SonicWall Firewall and go to Manage | Security Services | Client AV Enforcement page:
These alerts notifications provide a summary of the event containing the following information:
- Timestamp
- Source IP/Port
- Destination IP/Port
- Category:
- App Control
- Botnet
- Geo-IP Filter
- Content Filter Service
- Gateway Anti-Virus
- Anti-Spyware
- Capture ATP
Example of the alerts displayed in the Capture Client endpoint:
2. Enable Debug logs in the Capture Client to see the firewall alerts in the logs:
Right click on the Capture Client icon in the endpoint device | Preferences |Debug Logging.
To pull debug logs, double click on the Capture Client icon. Under DIAGNOSTICS | Logs tab, click on View Logs:
Can I disable the alert messages in the endpoint, but keep logging the drops from the firewall?
Yes, you can. It has to be done on each PC: For Windows machines, go to Notifications and actions settings and disable/hide notifications for Capture Client.
Related Articles
- How to Decommission and Remove Devices in Capture Client Console
- SonicWall Capture Client and Jamf Pro
- Capture Client – Pre-requisites for Windows
YES
NO