Enforced Client Product Guide

Using the Firewall Protection Service

 

Managing suspicious activity with best practices

Using the Inbound Events Blocked by Firewall report

When you want to: Display computers or detections
Do this: Click [icon] next to a name:
- Under a computer name, show which detections were found.
- Under a detection name, show the computers where it was found.

When you want to: View details about events
Do this: In the Inbound Events Blocked by Firewall report, click a quantity under Events to display the Inbound Event List. The Inbound Event List shows the name of the event, the number of occurrences, and the date on which it was detected.

When you want to: View details about a computer
Do this: In the Inbound Events Blocked by Firewall report, click a computer name to display the Computer Details page. The Computer Details page displays information about the computer, its service components, and its detections (see Display details for a computer on page 67).


Managing suspicious activity with best practices

To effectively manage your strategy for guarding against suspicious activity, we recommend that you proactively track the types of suspicious activity being detected and where they are occurring.

To effectively manage your firewall protection strategy:

1. Check your status emails or the SecurityCenter website for an overview of your account’s status. See Sign up for email notifications on page 62 to request status emails.

2. Check the Unrecognized Programs report and Inbound Events Blocked by Firewall report regularly. See View unrecognized Internet applications on page 123 and View inbound events blocked by the firewall on page 124.

3. To centralize management and more easily monitor the types of applications and communications allowed on client computers, configure client firewall protection settings in a policy.

4. Decide whether to use SonicWALL’s recommendations for commonly used, safe Internet applications (see Specify whether to use SonicWALL recommendations on page 121). When this option is enabled, applications on SonicWALL’s whitelist are approved automatically, minimizing the need for you or users to approve applications manually.

5. Use “learn” mode to identify which applications to add to the Allowed Internet Applications list (see Learn mode on page 116). This ensures that no applications required for your business are blocked before you have the opportunity to authorize their use. Then change your protection mode to Protect.

6. If particular types of intrusions are occurring frequently or certain computers appear vulnerable, update the policy to resolve these issues.

   - Ensure that the firewall protection service is enabled. See Enable firewall protection on page 114.

   - Carefully specify the environment where client computers are used. For users with mobile computers, ensure that they know how to select the correct connection type each time their environment changes and their policy allows them to do so. See Specify a connection type on page 116.


4.5 specifications

SonicWALL 4.5 is a robust network security solution designed to address the evolving challenges in threat protection and data security. This release brings a suite of advanced features, cutting-edge technologies, and characteristics tailored to enhance system performance and resilience against cyber threats.

One of the highlight features of SonicWALL 4.5 is its Integrated Intrusion Prevention System (IPS). This system provides real-time threat detection and response by monitoring network traffic for potential vulnerabilities and malicious activities. With continuously updated signature-based detection, it ensures that organizations are protected against the latest exploits and attack vectors.

Another key component is the Next-Generation Firewall (NGFW) capabilities, which combine traditional firewall functions with advanced features such as application awareness, user identity control, and content filtering. The NGFW allows organizations to enforce detailed policies based on user roles, thereby enhancing the security posture while maintaining user productivity.

SonicWALL 4.5 also incorporates advanced malware protection through its Capture Advanced Threat Protection (ATP) service. This multi-engine sandboxing technology analyzes suspicious files and URLs in a secure environment, providing organizations with in-depth insights into potential threats before they reach the network.

Furthermore, the solution includes enhancements to Secure Mobile Access, enabling secure remote connections while ensuring that sensitive data remains protected. With features like SSL VPN, SonicWALL 4.5 allows users to securely access private networks from anywhere while maintaining compliance with data protection regulations.

In terms of management, SonicWALL 4.5 introduces an intuitive interface for centralized management, enabling IT administrators to configure and monitor multiple devices effortlessly. The reporting and logging capabilities are enhanced, providing detailed insights into network activity, which is crucial for compliance and forensic analysis.

SonicWALL 4.5 also prioritizes user experience and performance with its optimized hardware, ensuring faster processing speeds and reduced latency. Features like high availability and load balancing further enhance system reliability.

In summary, SonicWALL 4.5 stands out with its integrated IPS, NGFW capabilities, advanced malware protection through Capture ATP, secure mobile access, intuitive management interface, and optimized performance. This comprehensive suite of features positions SonicWALL 4.5 as a formidable player in the realm of network security, making it an appealing choice for organizations seeking robust protection against an ever-evolving threat landscape.