SEP and SEPM 12.1 RU2 - the very latest up to this time.
I have configured the Firewall policy in RU2 with the peer-to-peer authentication settings - helps prevent remote connections or attempted remote connections by persons or computers outside of our own LANs. Slick - I go into Excluded hosts button, put in our subnets and networks, and it blocks remote connection attempts by forcing authentication. Excluded hosts don't have to get past this SEP firewall authentication and can RDP in like normal (still having to authenticate just like normal RDP connectins windows to windows OS)
It works as I see the entries in our KIWI logs - I have SEPM servers set up to forward certain logs and certain levels of alerts into the KIWI system so we can views ALL logs from any device, any server in one single place, and do SQL queries.
I see entries in the KIWI that says this was attempted, but I want to find these logs in the SEPM console - and can't. I checked the firewall - traffic, packet, and attack areas, don't see anything. Where should I be looking to see results of the peer to peer authentication and excluded hosts rules in the firewall -
Firewall policy, bottom choice on the left, exclused hosts, etc. where is this logged if someone or something tries to establish remote connection but the firewall stops it?