Traffic from UTM to Server but why??

Hello @all,

one of my UTMs is sending traffic to a specific server and I can't find out why:

Here is a tcpdump:

08:05:30.567848 IP fw1.33188 > x.x.x.x.ldap: UDP, length 101
08:06:03.792954 IP fw1.45627 > x.x.x.x.microsoft-ds: Flags [S], seq 551884075, win 29200, options [mss 1460,sackOK,TS val 1295262551 ecr 0,nop,wscale 7], length 0
08:06:03.798464 IP fw1.32785 > x.x.x.x.netbios-ssn: Flags [S], seq 1278570919, win 29200, options [mss 1460,sackOK,TS val 1295262553 ecr 0,nop,wscale 7], length 0
08:06:04.797148 IP fw1.32785 > x.x.x.x.netbios-ssn: Flags [S], seq 1278570919, win 29200, options [mss 1460,sackOK,TS val 1295262803 ecr 0,nop,wscale 7], length 0
08:06:35.051457 IP fw1.36792 > x.x.x.x.ldap: UDP, length 100
08:07:08.320143 IP fw1.45641 > x.x.x.x.microsoft-ds: Flags [S], seq 3680754189, win 29200, options [mss 1460,sackOK,TS val 1295278683 ecr 0,nop,wscale 7], length 0

For the server x.x.x.x I have only a FW rule and a static route from one LAN outside to that server inside. No LDAP communication, no NetBIOS or other ones.

So why is the UTM FW sending traffic to this server?

Many thanks in advance!
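As an added example (not part of the original post or any reply), here is a small Python script that parses tcpdump summary lines like the ones above and answers the two questions a defender usually asks first: which services on that server is the firewall reaching for, and is the server answering at all? The sample input is the poster's own six lines with the x.x.x.x placeholder kept; the service hints are general port knowledge (udp/389 LDAP or CLDAP, tcp/445 SMB, tcp/139 NetBIOS session), not a Sophos-specific list. Note that the two netbios-ssn SYNs come from the same source port 32785 with the same sequence number 1278570919, which is a retransmission: the first SYN got no reply, so the script flags it.

```python
import re
from collections import Counter

# Constructed sample input: the tcpdump lines quoted in the post above,
# with the server kept as the placeholder x.x.x.x the poster used.
SAMPLE_DUMP = """\
08:05:30.567848 IP fw1.33188 > x.x.x.x.ldap: UDP, length 101
08:06:03.792954 IP fw1.45627 > x.x.x.x.microsoft-ds: Flags [S], seq 551884075, win 29200, options [mss 1460,sackOK,TS val 1295262551 ecr 0,nop,wscale 7], length 0
08:06:03.798464 IP fw1.32785 > x.x.x.x.netbios-ssn: Flags [S], seq 1278570919, win 29200, options [mss 1460,sackOK,TS val 1295262553 ecr 0,nop,wscale 7], length 0
08:06:04.797148 IP fw1.32785 > x.x.x.x.netbios-ssn: Flags [S], seq 1278570919, win 29200, options [mss 1460,sackOK,TS val 1295262803 ecr 0,nop,wscale 7], length 0
08:06:35.051457 IP fw1.36792 > x.x.x.x.ldap: UDP, length 100
08:07:08.320143 IP fw1.45641 > x.x.x.x.microsoft-ds: Flags [S], seq 3680754189, win 29200, options [mss 1460,sackOK,TS val 1295278683 ecr 0,nop,wscale 7], length 0
"""

# Service names tcpdump prints for these ports and what a firewall/UTM
# normally uses them for (general knowledge, not a Sophos feature list).
SERVICE_HINTS = {
    "ldap": "LDAP/CLDAP (udp/389): directory auth, group lookup, DC locator",
    "microsoft-ds": "SMB over TCP (tcp/445): file share / CIFS access",
    "netbios-ssn": "NetBIOS session service (tcp/139): legacy SMB",
}

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\S+)\.(?P<sport>[^.\s]+) > "
    r"(?P<dst>\S+)\.(?P<dservice>[^.\s:]+): "
    r"(?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")
SEQ_RE = re.compile(r"\bseq (\d+)")


def parse_line(line):
    """Parse one tcpdump summary line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    rest = pkt.pop("rest")
    if rest.startswith("UDP"):
        pkt["proto"], pkt["flags"], pkt["seq"] = "udp", None, None
    else:
        pkt["proto"] = "tcp"
        fm = FLAGS_RE.search(rest)
        sm = SEQ_RE.search(rest)
        pkt["flags"] = fm.group(1) if fm else ""
        pkt["seq"] = int(sm.group(1)) if sm else None
    return pkt


def summarize(dump_text):
    """Count outbound packets per (dst, service, proto) and detect SYN
    retransmissions: a second bare SYN from the same source port with the
    same sequence number means the first SYN was never answered."""
    pkts = [p for p in map(parse_line, dump_text.splitlines()) if p]
    per_service = Counter((p["dst"], p["dservice"], p["proto"]) for p in pkts)
    first_syn = {}
    retransmits = []
    for p in pkts:
        if p["proto"] == "tcp" and p["flags"] == "S":
            key = (p["src"], p["sport"], p["dst"], p["dservice"], p["seq"])
            if key in first_syn:
                retransmits.append({"first": first_syn[key], "again": p["ts"], "flow": key})
            else:
                first_syn[key] = p["ts"]
    return {"per_service": per_service, "syn_retransmits": retransmits}


def report(dump_text):
    """Human-readable summary: which services the firewall is reaching for,
    with a hint about which feature normally needs each one."""
    s = summarize(dump_text)
    lines = []
    for (dst, svc, proto), n in sorted(s["per_service"].items()):
        hint = SERVICE_HINTS.get(svc, "unknown service, check /etc/services")
        lines.append(f"{n:3d} x {proto}/{svc:<13} -> {dst}   {hint}")
    for r in s["syn_retransmits"]:
        src, sport, dst, svc, seq = r["flow"]
        lines.append(f"SYN retransmit {src}:{sport} -> {dst}/{svc} seq {seq} "
                     f"({r['first']} then {r['again']}): no reply from server")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_DUMP))
```

Run it against a longer capture (`tcpdump -n host x.x.x.x` piped to a file) and the per-service counts tell you which UTM feature to look at: directory authentication and group lookups explain LDAP, while SMB and NetBIOS point at something that wants a file share; unanswered SYNs mean the server is not listening or a rule is dropping the replies.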

  • To me, it looks like SYN/ACK type traffic, but it also looks similar to a slow read attack. I hate trying to interpret tcpdumps, lol

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Did you configure the UTM to use this server for authentication or group matching?

    Possibly you imported a certificate pointing to this server for CRL download.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.