I recently set up a new XG firewall at our main branch location in order to assist with IPS and application control service. I am currently using the "Block high risk (Risk Level 4 and 5) apps" setting for app control.
What I am noticing is a large amount of ThunderVPN hits on our network, and I'm at a bit of a loss on what could be causing this traffic. I'm glad they are being blocked, but I wanted to see if anyone had any experience with this and what might be utilizing this service.
Our entire network consists of Dell workstations and the traffic is coming from various IP addresses, not just one machine.
Thanks in advance for any information!
Confirmed latest pattern update 18.18.62 appears to have resolved the issue, "offending" services have need re-enabled and no further hits int the logs (possibly since the previous update on 12th Oct?)…
Check the current IPS Pattern and verify, if the issue is resolved. Feel free to report back.
happens again on IPS pattern 18.18.56, please fix
please fix, wan't an issue yesterday, but has returned today. Not good QA.