Справочник Пользователя для SonicWALL 4.5
124
Enforced Client Product Guide
Using the Firewall Protection Service
Managing suspicious activity with best practices
5
Using the Inbound Events Blocked by Firewall report
Managing suspicious activity with best practices
To effectively manage your strategy for guarding against suspicious activity, we recommend
that you proactively track the types of suspicious activity being detected and where they are
occurring.
that you proactively track the types of suspicious activity being detected and where they are
occurring.
To effectively manage your firewall protection strategy:
1 Check your status emails or the SecurityCenter website for an overview of your account’s
1 Check your status emails or the SecurityCenter website for an overview of your account’s
status. See
to request status emails.
2 Check the
Unrecognized Programs
report and
Inbound Events Blocked by Firewall
report
.
3 To centralize management and more easily monitor the types of applications and
communications allowed on client computers, configure client firewall protection settings in
a policy.
a policy.
4 Decide whether to use SonicWALL’s recommendations for commonly used, safe Internet
applications (see
). When
this option is enabled, applications on SonicWALL’s whitelist are approved automatically,
minimizing the need for you or users to approve applications manually.
minimizing the need for you or users to approve applications manually.
5 Use “learn” mode to identify which applications to add to the Allowed Internet Applications
). This ensures that no applications required for your
business are blocked before you have the opportunity to authorize their use. Then change
your protection mode to
your protection mode to
Protect
.
6 If particular types of intrusions are occurring frequently or certain computers appear
vulnerable, update the policy to resolve these issues.
Ensure that the firewall protection service is enabled. See
Carefully specify the environment where client computers are used. For users with mobile
computers, ensure that they know how to select the correct connection type each time
their environment changes and their policy allows them to do so. See
computers, ensure that they know how to select the correct connection type each time
their environment changes and their policy allows them to do so. See
.
When you want to...
Do this...
Display computers or
detections
detections
Click
next to a name:
Under a computer name, show which detections were found.
Under a detection name, show the computers where it was found.
View details about
events
events
In the
Inbound Events Blocked by Firewall
report, click a quantity under
Events
to display the
Inbound Event List
.
The
Inbound Event List
shows the name of the event, the number of
occurrences, and the date on which it was detected.
View details about a
computer
computer
In the
Inbound Events Blocked by Firewall
report, click a computer name
to display the
Computer Details
page.
The
Computer Details
page displays information about the computer, its
service components, and its detections (see
).