SonicWall botnet filter alert

I have an issue with SonicWall blocking an IP address that is hosting a dept's website, which now they are not able to access from within the network. I have a SonicWall NSA 4600. I need to allow the users to access the IP address to continue website maintenance. It worked before until after an update.
GrizNation23 (IT Director) asked:

Is it blocked via firewall rules or blocked via content filtering?

If it's due to a FW rule, then you can create a temporary exception or disable the rule for now. The instruction below should give you a nice screenshot on the settings required:

Same with the content filtering:

Btw, what's the exact message SonicWall gave? Is the department website in a different subnet or VN? If yes, then all you probably need to do is create an exception FW rule to allow communication from/to that specific server.
Blue Street Tech (Last Knight) commented:
Hi grizNation,

What update... SonicOS? Is your firmware current? If not, try updating it and see if the issue resolves itself.

What security services do you have licensed? CGSS?

Are you getting specific BotNet alerts in the logs for the IP in question? I'm assuming this is a WAN IP based on a) how botnet filtering works by default (unless someone has modified something they shouldn't) and b) the word you used ("hosting"). If these assumptions are correct, then go to Security Services > Botnet and under Diagnostics you can look up the IP using the Lookup Tool. If it's showing as the culprit, simply whitelist the IP under Botnet Exclusion Object: and make sure Default Geo-IP and Botnet Exclusion Group is selected, or make your own if you want. Then go to Network > Address Objects and create a new Object with the IP address you want to whitelist. It should look like this:

Name: Department Website or whatever...
Zone Assignment: WAN
Type: Host
IP Address: <IP of dept website server>

Then locate the Address Group named Default Geo-IP and Botnet Exclusion Group and add the newly created object above. By default, Default Geo-IP and Botnet Exclusion Group has Firewalled Subnets included in the exclusion, which is why I said previously that by default internal IPs don't have any bearing on Botnet filtering unless someone has misconfigured defaults. :)

Let me know how it goes!
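
An added example, not part of any post in this thread: a simplified Python model of the exclusion group described above, useful for checking which object exempts a given IP from botnet filtering and for spotting WAN exclusions wider than one host. The object data is constructed (it is not a SonicOS export format), 203.0.113.10 stands in for the dept website IP, and "LAN Subnets" and "Vendor Range" are hypothetical entries.

```python
import ipaddress

# Constructed sample data modelled on the objects named in the thread; this is
# NOT a SonicOS export format. "LAN Subnets" and "Vendor Range" are hypothetical.
ADDRESS_OBJECTS = {
    "LAN Subnets": {"zone": "LAN", "type": "Network", "value": "10.0.0.0/16"},
    "Department Website": {"zone": "WAN", "type": "Host", "value": "203.0.113.10"},
    "Vendor Range": {"zone": "WAN", "type": "Network", "value": "198.51.100.0/24"},
}
ADDRESS_GROUPS = {
    "Firewalled Subnets": ["LAN Subnets"],
    "Default Geo-IP and Botnet Exclusion Group": [
        "Firewalled Subnets", "Department Website", "Vendor Range"],
}

def flatten(group, groups=ADDRESS_GROUPS, seen=None):
    """Return the names of all address objects in a group, following nested groups."""
    seen = set() if seen is None else seen
    names = []
    for member in groups[group]:
        if member in groups:
            if member not in seen:  # guard against circular nesting
                seen.add(member)
                names += flatten(member, groups, seen)
        else:
            names.append(member)
    return names

def excluded_by(ip, group, objects=ADDRESS_OBJECTS, groups=ADDRESS_GROUPS):
    """Names of the objects in the exclusion group that cover the given IP."""
    addr = ipaddress.ip_address(ip)
    return [n for n in flatten(group, groups)
            if addr in ipaddress.ip_network(objects[n]["value"], strict=False)]

def broad_wan_exclusions(group, objects=ADDRESS_OBJECTS, groups=ADDRESS_GROUPS):
    """WAN-zone members wider than one host; each exempts a whole range from filtering."""
    return [n for n in flatten(group, groups)
            if objects[n]["zone"] == "WAN"
            and ipaddress.ip_network(objects[n]["value"], strict=False).num_addresses > 1]

if __name__ == "__main__":
    grp = "Default Geo-IP and Botnet Exclusion Group"
    print(excluded_by("203.0.113.10", grp))   # the whitelisted host object
    print(excluded_by("10.0.4.20", grp))      # internal IP, covered via Firewalled Subnets
    print(broad_wan_exclusions(grp))          # exclusions worth reviewing
```
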


Blue Street Tech (Last Knight) commented:
Any questions? How's it going?
GrizNation23 (IT Director, Author) commented:
Was botnet group. Thank you very much.
Peter Wilson (IT) commented:
Interesting find. This helped me too!
Blue Street Tech (Last Knight) commented:
Thanks for the points. Glad I could help!