This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[UTM 9.4] Strange Traffic From AP15

After updating to 9.4 on my home license an own hardware, I noticed a spike in RAM usage and a bigger Web Filter log file. I noticed in the Web Filter that my AP15 was making odd connections to 52.XX.XXX.XX and 54.XX.XXX.XX IP's originating in Ireland. I did a quick lookup and these appear to be Amazon AWS servers. Are these Sophos-related or should I be worried?


This thread was automatically locked due to age.
  • Hi,

    Greetings.

    Please post a screenshot so that I can understand this further.

    Thanks

    Sachin Gurung

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • Yes, those are Sophos IPs. Are they still appearing in your log after an AP reboot?

    But the spike in your RAM usage and web filter log is probably unrelated to this.

  • Sophos (Cloud Managed) Wireless is coming...

    The AP15, AP55 and AP100 series provides a mechanism to be 'claimed' and managed via Sophos Cloud.  However, why the Access Points are persistently querying AWS now when managed by a UTM sounds like an unwanted side effect.  Does it happen a lot?  I can't see my AP55 going out via the Web Filter log at all...

    ==

    When in doubt, Script it out.

  • Sorry for the late reply. Been busy at work. Rebooting my AP15 appears to have solved the problem. I still found it odd how the AP was querying those IP's literally every second in the web filter log after the update. Everything seems to be fine now though. Thanks for that simple suggestion, heh.