Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Viel Traffic: Unclassified Application/Catergory - im Tagesreport

Hallo,

ich habe einen volumenabhängigen LTE Tarif. Über die UTM schaue ich mir natürlich auch mein Datennutzungsverhalten an. Ich habe nun festgestellt, dass in dem Daily Executive Report in der Rubrik "TOP 10 Application" es einen Eintrag gibt: UNCLASSIFIED

Knapp 25GB an einem Tag über Port 80 ...

Jetzt würde mich ja mal ganz genau interessieren, was da genau gelaufen ist.

Im Flow Monitor sehe ich manchmal die Kategorie "unclassified" - da finden bspw. Zugriffe auf Webseiten statt (Abfrage Wetterdaten usw.). Kann ich im Nachgang herausfinden, auf welchen Seiten diese Summe zustande gekommen ist? Warum überhaupt "unclassified"?

Grüße und Danke [:)]


This thread was automatically locked due to age.
Parents
  • Habe das Log gefunden: Web Filtering - eigentlich klar [;)]

    Warum aber wird dieser Traffic als unclassified gelogged?

    2015:01:02-21:42:29 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0x10707c80" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="770" cattime="65540" avscantime="264294271" fullreqtime="291414753" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream"
    2015:01:02-21:44:16 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0xe303a2c0" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="817" cattime="73722" avscantime="286676164" fullreqtime="308668735" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream"
    2015:01:02-21:45:36 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0x8b42bb0" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="819" cattime="81751" avscantime="305050156" fullreqtime="327981055" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream"
    2015:01:02-21:46:14 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0x109b1470" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="391" cattime="66308" avscantime="314761396" fullreqtime="335534796" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream"
    2015:01:02-21:47:34 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0x109fd198" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="829" cattime="72900" avscantime="337396146" fullreqtime="355593525" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream" 
Reply
  • Habe das Log gefunden: Web Filtering - eigentlich klar [;)]

    Warum aber wird dieser Traffic als unclassified gelogged?

    2015:01:02-21:42:29 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0x10707c80" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="770" cattime="65540" avscantime="264294271" fullreqtime="291414753" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream"
    2015:01:02-21:44:16 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0xe303a2c0" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="817" cattime="73722" avscantime="286676164" fullreqtime="308668735" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream"
    2015:01:02-21:45:36 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0x8b42bb0" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="819" cattime="81751" avscantime="305050156" fullreqtime="327981055" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream"
    2015:01:02-21:46:14 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0x109b1470" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="391" cattime="66308" avscantime="314761396" fullreqtime="335534796" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream"
    2015:01:02-21:47:34 FRAD-FIREWALL httpproxy[23740]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.168.10.18" dstip="80.157.151.51" user="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_HttCffAllow (Internet-Policy)" size="0" request="0x109fd198" url="http://international.download.nvidia.com/GFE/GFEClient/2.1.5.0/GeForce_Experience_Update_v2.1.5.0.exe" exceptions="" error="" authtime="0" dnstime="829" cattime="72900" avscantime="337396146" fullreqtime="355593525" device="0" auth="0" category="105,175" reputation="neutral" categoryname="Business,Software/Hardware" content-type="application/octet-stream" 
Children