This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unusual traffic appearing in default Drop rule

Recently deployed XG in my network and i'm noticing unusual traffic from the "Drop ANY to WAN" rule that i really cannot explain. it appears the SRC IP is a public ip that i dont know and the DST IP is also an IP that i dont know , so it would mean its trying a "WAN TO WAN" connection which i do not understand, where is it coming from and where its going, and why is it trying to route via my network. I've attached a screenshot from the log viewer. Its just one of the many attempts.

This thread was automatically locked due to age.

0 rfcat_vk over 3 years ago

Hi Tendai,

please post a screenshot of your wan access configuration.

ian

XG115W - v20 GA - Home

XG on VM 8 - v20 GA

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago

Hello Tendai,

Thank you for contacting the Sophos Community!

Port8 seems to be your WAN interface, as mentioned by rfcat, what you do have configured for WAN services?

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Tendai Hove over 3 years ago in reply to rfcat_vk

apologies for delayed response, have been away from a computer. I just took a look at my wan access rules, there's one that i'm suspicious about on port 8:1

Its actually a business application rule allowing AnyZone ,Anyhost forwarding to web server. Its also an attempt at a loopback to allow internal clients.
Cancel
Vote Up 0 Vote Down

Cancel