Options

how can i tell which device triggered a block

davidneltzondavidneltzon
in DNSWatch - General

hello,
i need to know which computer triggered each block.

i got this from the report

Victim IP addresses Unavailable
Victim hostname Unknown"

Destination domains
paste[.]ee
Destination port 443

thanks,

Comments

  • Options
    shaazaminatorshaazaminator

    DNS watch only says the firebox blocked the site.
    Frustrating I know.

    It's usually something simple.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    If you have DNSWatch enabled on the firewall itself, we should be able to look at the corresponding firewall logs in order to do this.

    The log from the DNSWatch service itself only sees the request to the blackhole IPs from your external IPs. You need the corresponding firewall logs to get more information here.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.