how can i tell which device triggered a block
hello,
i need to know which computer triggered each block.
i got this from the report
Victim IP addresses Unavailable
Victim hostname Unknown"
Destination domains
paste[.]ee
Destination port 443
thanks,
0
Sign In to comment.
Comments
DNS watch only says the firebox blocked the site.
Frustrating I know.
It's usually something simple.
If you have DNSWatch enabled on the firewall itself, we should be able to look at the corresponding firewall logs in order to do this.
The log from the DNSWatch service itself only sees the request to the blackhole IPs from your external IPs. You need the corresponding firewall logs to get more information here.
-James Carson
WatchGuard Customer Support