This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[UTM 9.4] Strange Traffic From AP15

After updating to 9.4 on my home license an own hardware, I noticed a spike in RAM usage and a bigger Web Filter log file. I noticed in the Web Filter that my AP15 was making odd connections to 52.XX.XXX.XX and 54.XX.XXX.XX IP's originating in Ireland. I did a quick lookup and these appear to be Amazon AWS servers. Are these Sophos-related or should I be worried?

This thread was automatically locked due to age.

0 sachingurung over 8 years ago

Hi,

Greetings.

Please post a screenshot so that I can understand this further.

Thanks

Sachin Gurung

Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 reinerh over 8 years ago

Yes, those are Sophos IPs. Are they still appearing in your log after an AP reboot?

But the spike in your RAM usage and web filter log is probably unrelated to this.
Cancel
Vote Up 0 Vote Down

Cancel
0 AzRoN over 8 years ago

Sophos (Cloud Managed) Wireless is coming...

The AP15, AP55 and AP100 series provides a mechanism to be 'claimed' and managed via Sophos Cloud. However, why the Access Points are persistently querying AWS now when managed by a UTM sounds like an unwanted side effect. Does it happen a lot? I can't see my AP55 going out via the Web Filter log at all...

==

When in doubt, Script it out.
Cancel
Vote Up 0 Vote Down

Cancel
0 MikaelAltares over 8 years ago

Sorry for the late reply. Been busy at work. Rebooting my AP15 appears to have solved the problem. I still found it odd how the AP was querying those IP's literally every second in the web filter log after the update. Everything seems to be fine now though. Thanks for that simple suggestion, heh.
Cancel
Vote Up 0 Vote Down

Cancel