Find Local Address for a Firewall event

When reviewing firewall events, specifically the "No Application Rule" type, the console reports information based on the remote address but not the local address. This information would be extremely helpful to determine which AD OU the machine that triggered the event lives in and, correspondingly, which Firewall policy is applied to it. Is there any way to determine this?

Endpoint: 10.0

Enterprise Console: 5.2.1.197


This thread was automatically locked due to age.
  • Sorry, with regard to the users/computers, the computers are reporting "Same as policy" but are still logging "no application rule" events... even locally. We are currently using Allow by default but are trying to generate a ruleset to be able to move to Block seamlessly from the end user perspective. I'm going to open a formal ticket on this one because it's pretty clear that it's not behaving as it should. Thanks for being the sounding board.
