
3 web browsers up, 1 user using XG as a proxy: what browser and site is kicking up 287 Attacks Detected?

Hi,


I have 3 web browsers up: Chrome, Firefox and IE. I am the only person on the XG firewall using it as a proxy for HTTP and HTTPS. I use Firefox for my personal email, Chrome for work and IE for a customer portal, and accidentally left the main tab up on MSN...

Now I have 287 attacks:

SSL Request Export Ciphersuite Detection
OpenSSL ssl get algorithm 3 TLS Denial of Service
HTTP DoS Attack - Slowloris

Is there a way to see if this is IE that is making all this bad traffic?  I am not surfing porn or any dangerous sites.  Not sure why there are so many alerts and they are allowed and not blocked.  I am sure there is a user agent to identify the application or browser.  Is there a log file I can grep for these issues?


Why are the host names not shown with the IP addresses, or hostname at the time of the error in the log?

I really want to get a handle on HTTP/HTTPS and all traffic going out the XG or UTM9, and it is looking like SOPHOS is not professional grade and would take hours per security event to get to the bottom of the issue.

Thanks,

Joe


