Not seeing blocked applications in Dimension
Hi All, we have the latest Dimension and Firebox OS on M470. We get email reports about the blocked applications, but when we go to Dimension to find out who tried to use the application that was blocked, the report shows blank, like there were no logs. How can we find out who tried to use the application? Thanks.
What are you searching for in Dimension Log Search?
Hi Bruce, there was a blocked application for "anydesk", but we cannot search in the logs of the block. Is there another place to find who or what IP address tried using the app?
What do you mean by "we cannot search in the logs of the block"?
Do you mean that you end up with no results for a search for "anydesk" (no quotes)?
Make sure that you have selected the Start Date for your desired search results.
Also select Traffic or All for your search.
Correct, it produces no results when searching, even if we define the date range. It shows on the executive summary email report, but not in Dimension. It just shows no results.
Anydesk connects on port 80, 443 or 6568 and connects to 239.255.102.18
Try a search for 239.255.102.18
There are 3 log messages that you also could try searching for:
3000-0149 INFO Firewall / Packet Filter Application Control Traffic identified
1AFF-002E INFO Proxy / HTTP Application match
2CFF-0006 INFO Proxy / HTTPS HTTPS App Match
These are from the Log Catalog
https://www.watchguard.com/help/docs/fireware/12/en-US/log_catalog/12_11_Log-Catalog.pdf
The hyphens are not included in the log IDs in the Log Catalog
Thanks Bruce, we tried those searches and did not find any related info. Strange that it shows up on the executive report but not in the logs.
Hi @WGM
I'd suggest opening a support case. It's difficult to tell what might be happening without being able to see the Dimension server itself.
-James Carson
WatchGuard Customer Support
Ok, Thank you all!