NSM - how to get web activities reports

Description

Web activities are reported by Content Filter Service. This service needs to be configured properly to make the reports working. Here are the steps:

1.    Make sure CFS is enabled:

 2.    Make sure LAN – WAN CFS policy is enabled: 

3.    Refer to screenshot in step 2, the in use “CFS Default Profile“ has HTTPS Content Filtering enabled: 

4.    Refer to screenshot in step 2, the in use “CFS Default Action” has Flow Reporting enabled: 

If the test computer is behind the firewall, and the user also logs into firewall as administrator, make sure Content Filter policy "Exclude Administrator" is disabled:

Now when you test browsing some websites like cnn.com, log into firewall locally, go to Monitor/AppFlow Monitor/Web Activity, search for key word like cnn, the browsed websites should show up: 

If AppFlow Monitor is not already enabled, need to enabled Local Collector. This requires firewall reboot. Reboot firewall then:

Log into NSM, the same websites cnn.com should show up in Details/Web Activities.

Related Articles

  • SonicWall NSM FQDN And IP List
    Read More
  • How can I enable Zero Touch?
    Read More
  • How to add a firewall to NSM manually
    Read More

Categories

Capture Security Center
Management
Capture Security Center
Reports
Management and Reporting
Network Security Manager
not finding your answers?
Ask the Community