Firewall model: Sonicwall NSA2400.
I am trying to figure out our firewall to diagnose a possible breach. We have a current rule active to deny all WAN to all LAN for all protocols. I just want to be sure that this would deny anything that is not specifically set to be allowed by other rules, correct?
I am currently seeing an active connection coming in from another country. However, while I see it in the connections monitor, there is nothing in the logs for the IP (handshake, ack). How is this possible if we have everything denied and why does nothing show up in the logs if it shows up in the connections monitor? When I try to "flush" the connection, I get the alert "Not Found" and when I refresh, the connection remains. I am also seeing TX and RX from the connection.
The only connections authorized outside the access rules is an active...