This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange random connections dropped

Hy together

I'm not sure if its waf related. When I check the packet filter log of the firewall random connection attemps are made to the firewall interface itself, starting from ***.***.***.***:443 or 80 to a random port of the internal interface of the firewall (in dmz its the ip of the dmz interface). For sure no rule exists for that the packets will be dropped. I've tryed several things: disabled keep alive--> no success, excluded these servers from the outgoing proxy --> no change

It affects all virtualized servers protected with waf (Exchange 2013, 2x Ubuntu Apache)

Can somebody help me to solve this drops or explain why these are occouring?

thx!

This thread was automatically locked due to age.

0 TheDrew over 11 years ago

Clients trying to access a specific port, in this case 80 or 443, will initiate the connection from a random high numbered port (above 1024). The server then responds back to the client on that initiating port. This is a normal part of the operation of TCP/IP so I wouldn't worry about it.

WAF is proxying the connection so I'd expect to see those in the logs.
Cancel
Vote Up 0 Vote Down

Cancel