SonicOS 184.108.40.206 provides a new option to enable push notifications from the firewall to the Capture Client endpoint when a connection is blocked or traffic is dropped due to actions by other SonicWall security services.
1. To enabled Firewall Alerts, login in your SonicWall Firewall and go to Manage | Security Services | Client AV Enforcement page:
These alerts notifications provide a summary of the event containing the following information:
Content Filter Service
Example of the alerts displayed in the Capture Client endpoint:
2. Enable Debug logs in the Capture Client to see the firewall alerts in the logs:
Right click on the Capture Client icon in the endpoint device | Preferences |Debug Logging.
To pull debug logs, double click on the Capture Client icon. Under DIAGNOSTICS | Logs tab, click on View Logs:
Can I disable the alert messages in the endpoint, but keep logging the drops from the firewall?
Yes, you can. It has to be done on each PC: For Windows machines, go to Notifications and actions settings and disable/hide notifications for Capture Client.