Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WiFi user showing up in Threat report

I have my xg in gateway mode.  It is part of my layer one network.  My default lan is 192.168.0,  the gateway is setup with a static rout on 192.168.2.  All of this is working fine.

I then have a WiFi network setup with two SSIDs.  One is on vlan 1 and part of the layer one 192.168.0 scope. This SSID has all the rules that everyone else has. The second is a guest network on vlan 20 using 10.10.1.  This also works fine.  Users on my guest network can get out to the internet but can not see, ping or access anything on vlan 1(192.168.0).  They have no web filter rules applied. In the rule that alows the wifi port to go out the wan I have no loging,  no scan, no ips, nothing set.

The problem I have is that in my reports under intrusion attacks I see a bunch of my guest DHCP addresses.  When I look at specific ones I see my employees iPhone hitting some random ips that sophos is saying are victims.

Why are these being logged at all?  I dont really care what they do on their iphones.



This thread was automatically locked due to age.
Parents Reply Children
  • Yes, that is what it is. However 10.10.1.128 is the client on my network. Im assuming its saying that 23.32.162.217 is vulnerable. I dont care about this. I dont want to log this sort of message from my guest wifi. I thought I had logging off in my rule that allows that traffic out.

    2016-01-13 07:35:46

    Signatures

    Detect

    -

    10.10.1.128 :TCP(61896)

    23.32.162.217 :TCP(443)

    2601632

    SSL Request Export Ciphersuite Detection

    Browsers

    BSD,Linux,Mac,Solaris,Unix,Windows

    Client,Server

    3

    07001