Sonicwall network monitoring


I have somebody on my network that is downloading illegal content, is there a way that I can find out from my sonicwall where is this user coming from, an easy way to find him/her?

Thank you,

Mario G.
Mario G.SupportAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mario G.SupportAuthor Commented:
I have a TZ00 firewall
Follow this clear to use guide:

If you find no such options in your menu, what you want to do is most likely not possible without manual logging.

Good luck!
Blue Street TechLast KnightCommented:
Hi Mario,

If you have CGSS licensing, you should be able to see the IP & NET BIOS in the logs of the device performing these illegal activities. You just need to setup the Logs & CGSS correctly.

Here is how to setup the Logs:
1. Setup log recording settings
Go to Log > Categories
Under Log Categories put a check next to Log at the top of the column so that it selects all categories.
Click Accept at the top.

2. Setup device recording settings
Go to Log > Name Resolution
Under Name Resolution Settings select DNS then NetBios.
Click Accept at the top.

I will wait to here from you before providing the instructions on setting up CGSS because if you don't have it ...providing instruction would be a waste of time.

With CGSS it comes with either ViewPoint or the Analyzer (depending on the model - I believe yours would be ViewPoint) reporting tool, which will give you a plethora of reporting capabilities including User-Based Tracking & Reporting.

Let me know & I can help you proceed accordingly. Thanks!
Firewall Management 201 with Professor Wool

In this whiteboard video, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. Watch and Learn!

CGSS only comes with ViewPoint.  Analyzser is NOT part of CGSS and is a separate licence - however, the TZ100 and TZ200 don't support Application Visibility (The TZ215 does).

Your best best is definitely to look at the log categories to identify - or use the network monitor found under the system menu.

With the TZ215 and a CGSS (Comprehensive Gateway Security Suite) you would have been able to go into Network Monitor and - in real time - see the application visibility.

If you are on a windows system then login to and download (Free Downloads) the SonicWALL Directory Connector to one (or a couple) of your Active Directory servers (Note: Does not need to be a DC but can be).

Then on the TZ200 go to Users and setup a LDAP connection to your server and also SSO (Single Sign On) connection to your SonicWALL Directory Connector server.

Now the SonicWALL will be aware of who is who (via AD username) and you won't need to use Name Resolution Settings which may, or may not, work.
You can setup Analyzer or Viewpoint as a trial.  If you only want to find out who is doing it, that is a good way without actually buying it, however I believe the price is around $250 or so for the license.

We also require uses to authenticate as mentioned above but we do not do it through SSO, we require a separate LDAP auth each time since we have some shared workstations and accounts.
Mario G.SupportAuthor Commented:
Thank you all for all your answers, yes I have a viewpoint license only that I haven't installed it because I didn't really need it, but now that I have some sneaky users, I guess I need to have some way to monitor who is doing what.

Mario G.
Blue Street TechLast KnightCommented:
Again, ViewPoint is going to give you a broader view of what is happening with the users but if you want to get this nailed down quickly just setup the Logs as specified here: http:#a39450662 and setup CGSS (if you have it licensed). That will give you the NetBios & IP address of the users violating the  CGSS content (AV, Apps, AS, & Content Filtering).

Do you have CGSS licensed? (Go to Licensing to verify.)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mario G.SupportAuthor Commented:
Thank you all, I am installing ViewPoint and will be looking at the logs more often.
Blue Street TechLast KnightCommented:
Hi Mario,

I'm glad we could help you, but I'm curious why a "B"? Have you reviewed the grading guidelines:

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.