how can i tell which device triggered a block

i need to know which computer triggered each block.

i got this from the report

Victim IP addresses Unavailable
Victim hostname Unknown"

Destination domains
Destination port 443



  • Options

    DNS watch only says the firebox blocked the site.
    Frustrating I know.

    It's usually something simple.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    If you have DNSWatch enabled on the firewall itself, we should be able to look at the corresponding firewall logs in order to do this.

    The log from the DNSWatch service itself only sees the request to the blackhole IPs from your external IPs. You need the corresponding firewall logs to get more information here.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.