If you are only interested in reporting on web traffic, the best way to do this is by filtering on the Message field.
SonicWALL logs a message such as 'Connection Open/Closed' for firewall traffic, but does not log any message for web traffic. Therefore you can filter your reports by Message 'includes' <blank> to show only web traffic, which should in turn remove a majority of the IPs you are seeing.
To do this:
1. Go to the Reports tab and select your report template
2. Ensure the template is based on the SonicWall Firewall and Web Schema. If it says ‘All Web Schemas’ in the ‘Details’ task pad, then right-click the template and select Duplicate. Select the SonicWall Firewall and Web schema, name the report template appropriately and click OK.
3. Right-click the template and go to Properties
4. In the Filter section, click Add | Field Value Filter
5. Select Message as the summary
6. Click the Add button and click OK without entering a value (i.e. enter a blank value)
7. Ensure the ‘Include’ radio option is selected and click OK.
Your entire report template is now filtered by log records where the Message field is blank, removing all non-web traffic from the report.
Regenerate your report and you should see less IP addresses in the lists of sites.
You can potentially clean up web reports even further using the Status Code field. For example:
Status Code ‘Includes’ 200
Or perhaps use the Status Code Groups alias to filter by Success status codes.
This will remove non-successful web hits, such as 404 (not found) and 403 (forbidden) from the report. This may or may not be desirable.