Specific PC Web Traffic
Hi everyone,
Model: Firebox M270
Version:12.4.1.B595401
I need assistance/advice on the simplest way to be able to monitor and log web traffic from a specific computer on the trusted network out to the Internet. I need website behaviour for a HR matter.
I have no logging server setup ATM, but am hoping there is a simple way to be able to do this via the Firewall.
Regards,
Chris Snape
0
Sign In to comment.
Comments
Add HTTP & HTTPS proxy policy From: the problem IP addr To: Any-external
Move these policies to the top of your policies list.
Enable Logging for Reports on each.
Note that for HTTPS, you will not see the URL being accessed unless you use Inspect, and to use Inspect, you need to install a firewall certificate on the web browser(s) being used on that PC.
You will be able to see the SNI and the CN which may give a good clue as to the HTTPS site being accessed.
There are 3 logging options:
. a syslog server
. WSM Log server - on a Windows device
. Dimension - on a VM, and this requires a current support license on your firewall