Enforced Client Product Guide Using the Firewall Protection Service
Using the Inbound Events Blocked by Firewall report
Managing suspicious activity with best practices
To effectively manage your strategy for guarding against suspicious activity, we recommend
that you proactively track the types of suspicious activity being detected and where they are
occurring.
To effectively manage your firewall protection strategy:
1 Check your status emails or the SecurityCenter website for an overview of your account’s
status. See Sign up for email notifications on page 62 to request status emails.
2 Check the Unrecognized Programs report and Inbound Events Blocked by Firewall report
regularly. See View unrecognized Internet applications on page 123 and View inbound events
blocked by the firewall on page 124.
3 To centralize management and more easily monitor the types of applications and
communications allowed on client computers, configure client firewall protection settings in
a policy.
4 Decide whether to use SonicWALL’s recommendations for commonly used, safe Internet
applications (see Specify whether to use SonicWALL recommendations on page 121). When
this option is enabled, applications on SonicWALL’s whitelist are approved automatically,
minimizing the need for you or users to approve applications manually.
5 Use “learn” mode to identify which applications to add to the Allowed Internet Applications
list (see Learn mode on page 116). This ensures that no applications required for your
business are blocked before you have the opportunity to authorize their use. Then change
your protection mode to Protect.
6 If particular types of intrusions are occurring frequently or certain computers appear
vulnerable, update the policy to resolve these issues.
Ensure that the firewall protection service is enabled. See Enable firewall protection on
page 114.
Carefully specify the environment where client computers are used. For users with mobile
computers, ensure that they know how to select the correct connection type each time
their environment changes and that their policy allows them to do so. See Specify a
connection type on page 116.
When you want to... | Do this...
Display computers or detections | Click next to a name: Under a computer name, show which detections were found. Under a detection name, show the computers where it was found.
View details about events | In the Inbound Events Blocked by Firewall report, click a quantity under Events to display the Inbound Event List. The Inbound Event List shows the name of the event, the number of occurrences, and the date on which it was detected.
View details about a computer | In the Inbound Events Blocked by Firewall report, click a computer name to display the Computer Details page. The Computer Details page displays information about the computer, its service components, and its detections (see Display details for a computer on page 67).