Hi,
We are having a really strange problem with one of our web servers. We have a SG310 fully patched. 2 days ago when open a URL that point to one of the websites behind UTM a chinese website get opened and in the addres bar we see still the URL of our site but contant is in chinese. This website is published to internet by WAF. when the site internaly open we see the right contant when use the URL from internet get the wrong website.
We did use a DNAT instead of WAF and we see the correct website. the WAF is configured correctly and was working for 3 years without any problem. the WAF logs shows nothing wrong
What is going on? is the UTM get hacked? if this is MIMA DNS attack why we can open the url when using the DNAT?
Any suggestion?
This thread was automatically locked due to age.
Quote