Enterprise Console 5.1 - view firewall logs remotely?

I am running Sophos Enterprise Console 5.1 to manage about 400 endpoint systems that have the client firewall installed.

What is the best way to remotely troubleshoot firewall rule issues on the client? If I am sitting at the system, I can easily look at the local Sophos console and pull up the Firewall Event Viewer, but what are my options when I'm sitting remotely? Is there a log file I can pull and view? Or attach remotely via the Enterprise Console?

I ask this largely because the point of a client firewall is to provide just enough protection to stop unwanted traffic, but allow just enough to enable users to do their defined jobs. Finding and maintaining this sweet spot requires significant trial and error and troubleshooting.

  • Hi again! Yeah, I was hoping for a better option than what I've been seeing.

    Is there a file stored on the endpoint that holds the firewall logs that I can open and parse on my own somehow?

    I've seen quite a few installation notes/suggestions that end up basically putting the local corporate network as a Trusted LAN (full trust inbound and outbound), which really ends up defeating the purpose of having the firewall, especially on any endpoints that aren't mobile. I don't think this is good layered security.

    My goal is to make as few policies as possible and cover my entire, varied user base, but not to get out of the way so much that I question why the tool is even installed.

    Getting to the point where my firewall policies are tight pretty much means having a large number of my systems running the firewall and seeing what's broken and what needs allowed. And this, of course, means some sort of ability to view logs and troubleshoot remotely.

    Failing that, I'm then not surprised so many installs end up wide open on the LAN side. :)
