Support Center


No website Activity Logged

Brian Oakes Apr 19, 2017 05:59PM PDT

Howdy!

Without opening a ticket with SonicWALL, any idea why we are seeing zero events logged under
Security Services\Content Filter\Website Accessed and Website Blocked?

However, looking at
Log\Syslog\Syslog Website Accessed I see plenty of events??

We are running a Demo key, I love the improvements made. Assuming we will be able to log the web traffic, then we will surely get licenses. :) Appreciate it!

Fastvue Apr 19, 2017 06:39PM PDT FASTVUE Agent
Hey Brian,

Thanks for getting in touch about this.

The Log\Syslog\Syslog Website Accessed events are the main events we pay attention to for website activity. The other two events I believe are logged when the IPS feature is responsible for blocking/allowing traffic rather than the CFS feature. But I'll try to get some clarification on that from SonicWall and get back to you.

Cheers!
Scott
Brian Oakes Apr 19, 2017 09:03PM PDT
Thanks Scott,

Long time no chat. :) OK, if the Log\Syslog\Syslog Website Accessed/Website Blocked is what is logged, then I am not seeing the activity in FastVue and definitely not the categories etc.

I am going to let it run again overnight and then tomorrow to gather more data. In our case, we are just logging activity. Nothing is blocked, so we should have lots of data. Appreciate it!
Fastvue Apr 19, 2017 09:05PM PDT FASTVUE Agent
Hey Brian,

If you're now seeing any web traffic, then it could mean that SonicWall's CFS feature is not in play. Make sure it is enabled and you have at least one rule that blocks and/or allows categories to force the traffic to be evaluated against CFS.

Look forward to hearing how you go!

Cheers!
Scott
Brian Oakes Apr 20, 2017 09:00AM PDT
Howdy!

We have a policy that allows everything and blocks just Malware, category 59. So based on what I am seeing we should be logging something.

However the productivity sections of the Dashboard are still 0%
Fastvue Apr 20, 2017 09:02AM PDT FASTVUE Agent
Hey Brian,

Thanks for the information. It sounds like SonicWall is not logging categories for allowed traffic. Can you make sure the "Override Syslog Settings with Reporting Software Settings" checkbox is checked as per this article:
http://www.fastvue.co/sonicwall/blog/sonicwalls-not-rated-syslog-bug-and-workaround

Let us know how you go!

Cheers!
Scott
Brian Oakes Apr 20, 2017 08:54PM PDT
Currently we are running SonicOS Enhanced 6.2.7.1-23n and I have noticed a few things that are different. I don't even have the Override Syslog Settings with Reporting Software Settings option. Also I noticed the option to apply a CFS Policy at the zone level is gone.

I just opened a trouble ticket with SonicWALL. Since last night, we have had only 25,000 records sent to FastVue accounting the site. So something's definitely not right on the SonicWALL side.

Once I hear back from them I'll let you know.

Fastvue Apr 20, 2017 09:02PM PDT FASTVUE Agent
Hey Brian,

Thanks for the info. 6.2.7.1 includes CFS 4.0 which is completely new. Go to *Firewall | Content Filter Objects* to check you have some CFS objects (such as a block action and profile to block malicious traffic), then use them in policies in *Security Services | Content Filter* (this is where you apply CFS actions to source/dest zones etc).

I'll also let you know that there's a logging bug in 6.2.7.1 where the 'size' of web traffic is incorrectly recorded for anything going through the DPI SSL feature. If you're not using DPI SSL then this won't be an issue, but we recommend enabling it to report on Google search terms, YouTube video IDs and anything else where the key information is beyond the 'domain' part of a URL. SonicWall are aware of the issue and are currently working on a fix.

I hope this helps! Let us know how you go.

Cheers!
Scott
Fastvue Apr 25, 2017 09:45AM PDT FASTVUE Agent
Hey Brian,

Just FYI... I had some feedback from SonicWall on when the "Security Services\Content Filter\Website Accessed and Website Blocked" get logged.

Website Blocked (ID 14) is logged when CFS blocks a website.

Website Accessed (ID 16) is only relevant when using CFS 3.0. So don't expect this log event to have anything in the 'Event Count' column if you're using SonicOS 6.2.6 and above (CFS 4.0).

Did you have any luck troubleshooting the issues you were having with SonicWall?

Cheers!
Scott
Brian Oakes Apr 25, 2017 08:33PM PDT
Yes, all good now. I need some additional tweaks, but definitely over the hump.
Fastvue Apr 25, 2017 08:33PM PDT FASTVUE Agent
Great to hear!

Let us know if there's anything else we can help with.

Cheers!
Scott
Jesoni Jan 30, 2018 04:04PM PST
Hi Brian,

I'm facing the exact issue, what additional tweaks did you apply?
Fastvue Jan 31, 2018 06:44AM PST FASTVUE Agent
Hey Jesoni,

What version of SonicOS are you running and what is the exact issue that you're seeing?

Cheers!
Scott
