how can i tell which device triggered a block

hello,
i need to know which computer triggered each block.

i got this from the report


Victim IP addresses Unavailable
Victim hostname Unknown"

Destination domains
paste[.]ee
Destination port 443


thanks,

Comments

  • DNS watch only says the firebox blocked the site.
    Frustrating I know.

    It's usually something simple.

  • James_CarsonJames_Carson Moderator, WatchGuard Representative

    If you have DNSWatch enabled on the firewall itself, we should be able to look at the corresponding firewall logs in order to do this.

    The log from the DNSWatch service itself only sees the request to the blackhole IPs from your external IPs. You need the corresponding firewall logs to get more information here.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.