Short of enabling packet capture/monitor on specific rules/policies, is there an easier way to see or to set up a Sonicwall to show blocked ports/services (realtime or as a report)?
I think packet capture is overkill. I do not want to see content of packets, I do not want to see Accepted/Forwarded packets, I just want to see some "Dropped" events with src-ip, dst-ip, dst-proto and dst-port details.
I've searched online for this, went through the menu items of the device, checked out Sonicwall Analyzer, nothing. There are logs and statuses of successful connections, detected and blocked attacks etc, but not just a simple report showing blocked ports.
I used to work with Juniper firewalls, and both ScreenOS and JunOS flavours allowed me to enable logging on a policy (for example the global block policy) and then use a web interface or a command line to check what is blocked.
Best Answer
According to SonicWALL's Log Event Reference Guide, the UTM only logs up to 32k and then flushes the logs.
So, if you want to gather enough data to troubleshoot blocked/dropped ports issues you will need to set up either a GMS/Analyzer (which displays lots of information in a graphical console), or your favorite syslog daemon on a server.
The procedure to enable a syslog server is the same as adding a GMS/Analyzer appliance: https://support.software.dell.com/kb/sw10097
Update:
To get that level of detail with SonicWALL, you definitely will have to deploy a Syslog server. If you don't want to see anything else besides dropped/blocked packets reports, make sure to go to Log > Categories and uncheck all the fields except Network Access.
To have an idea of what kind of information you can expect to find in your syslog server, take a look at this filter:
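An added example, not part of the original answer and not the filter it refers to: a short Python script that reduces the lines collected by a syslog server to the dropped-traffic tuples the question asks for (src-ip, dst-ip, protocol, dst-port). It assumes a key=value line layout with `msg=`, `src=ip:port:interface`, `dst=ip:port:interface` and `proto=protocol/service`, and that dropped-traffic messages contain the word "dropped"; the sample lines are constructed, so check both assumptions against what your own device sends.

```python
import re
from collections import Counter

# Constructed sample lines. The key=value layout is an assumption about the
# device's syslog output; compare with what your own syslog server receives.
SAMPLE = """\
<134>id=firewall time="2015-03-01 10:15:02" fw=203.0.113.1 pri=6 msg="Connection Closed" n=10 src=192.168.1.20:51000:X0 dst=198.51.100.7:443:X1 proto=tcp/https
<133>id=firewall time="2015-03-01 10:15:03" fw=203.0.113.1 pri=5 msg="TCP connection dropped" n=11 src=192.168.1.20:51001:X0 dst=198.51.100.7:3389:X1 proto=tcp/3389
<133>id=firewall time="2015-03-01 10:15:04" fw=203.0.113.1 pri=5 msg="TCP connection dropped" n=12 src=192.168.1.20:51002:X0 dst=198.51.100.7:3389:X1 proto=tcp/3389
<133>id=firewall time="2015-03-01 10:15:09" fw=203.0.113.1 pri=5 msg="UDP packet dropped" n=13 src=192.168.1.31:5353:X0 dst=198.51.100.9:161:X1 proto=udp/snmp
<133>id=firewall time="2015-03-01 10:15:11" fw=203.0.113.1 pri=5 msg="ICMP packet dropped" n=14 src=192.168.1.31 dst=198.51.100.9 proto=icmp
"""

# key=value pairs; a value is either double-quoted or a run of non-space characters
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_fields(line):
    """Turn one key=value syslog line into a dict (quoted values unwrapped)."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def endpoint(value):
    """Split 'ip:port:interface' (IPv4); the port may be absent, e.g. for ICMP."""
    ip, port = (value.split(":") + [""])[:2]
    return ip, port

def dropped_events(lines):
    """Yield (src_ip, dst_ip, protocol, dst_port) for each dropped-traffic line."""
    for line in lines:
        f = parse_fields(line)
        if "dropped" not in f.get("msg", "").lower():
            continue  # accepted, closed, or unrelated event
        if "src" not in f or "dst" not in f:
            continue  # event without packet endpoints
        src_ip, _ = endpoint(f["src"])
        dst_ip, dst_port = endpoint(f["dst"])
        yield src_ip, dst_ip, f.get("proto", "").split("/")[0], dst_port

def summarize(lines):
    """Count dropped events per (src, dst, proto, dst_port), most frequent first."""
    return Counter(dropped_events(lines)).most_common()

if __name__ == "__main__":
    for (src, dst, proto, port), hits in summarize(SAMPLE.splitlines()):
        print(f"{hits:4d}  {src:15s} -> {dst:15s}  {proto}/{port or '-'}")
```

To use it on real data, pass the lines of the syslog file instead of `SAMPLE.splitlines()`.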