Recently deployed XG in my network and i'm noticing unusual traffic from the "Drop ANY to WAN" rule that i really cannot explain. it appears the SRC IP is a public ip that i dont know and the DST IP is also an IP that i dont know , so it would mean its trying a "WAN TO WAN" connection which i do not understand, where is it coming from and where its going, and why is it trying to route via my network. I've attached a screenshot from the log viewer. Its just one of the many attempts.
please post a screenshot of your wan access configuration.
Thank you for contacting the Sophos Community!
Port8 seems to be your WAN interface, as mentioned by rfcat, what you do have configured for WAN services?
apologies for delayed response, have been away from a computer. I just took a look at my wan access rules, there's one that i'm suspicious about on port 8:1
Its actually a business application rule allowing AnyZone ,Anyhost forwarding to web server. Its also an attempt at a loopback to allow internal clients.