This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Any experience with an excessive number of ThunderVPN hits?

I recently set up a new XG firewall at our main branch location in order to assist with IPS and application control service.   I am currently using the "Block high risk (Risk Level 4 and 5) apps" setting for app control.

What I am noticing is a large amount of ThunderVPN hits on our network, and I'm at a bit of a loss on what could be causing this traffic.  I'm glad they are being blocked, but I wanted to see if anyone had any experience with this and what might be utilizing this service.

Our entire network consists of Dell workstations and the traffic is coming from various IP addresses, not just one machine.

Thanks in advance for any information!



This thread was automatically locked due to age.
Parents
  • Hi,

    the last time I was able to investigate the issue I determined the XG was wrongly categorising Apple connections. My daily report shows thunderVPN but I am not able to find any entries in the logviewer reports so further investigation is required at my end.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hi,

    the last time I was able to investigate the issue I determined the XG was wrongly categorising Apple connections. My daily report shows thunderVPN but I am not able to find any entries in the logviewer reports so further investigation is required at my end.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

Children
  • While the thunderVPN shows up in the mail reports and in the reports generated from the GUI reports tab, it does not show in logviewer.

    All my Apple devices show using the thunderVPN to talk to Apple servers in various counties. The application is also categorised as Proxy and Tunnel - client server. The reports show low traffic and hits less that 60 per device.

    What it communicating with  have no idea let alone why?

    Ian

    A bit more poking shows it is talking to NTP servers which is strange because I have all NTP traffic pointing at my internal NTP server. Time to re-arrange firewall rules order.

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.