Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 29 subscribers
  • Views 4223 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internal IP addresses being identified as Attackers by XG

Neil Ford1

 Hey, everyone. I feel like I may have set up my firewall backwards or something. As seen in the picture, many of my internal IP addresses are being identified as attackers, and external sources are listed as victims. Is this typical behavior?

I have my WAN set up as 10.0.0.X which is pulling its IP from my ISP's modem, and I have my LAN set up for 192.168.1.X. All internal addresses pull an address in this range. 

 



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to FloSupport

    Bet everything on the new Lets Encrypt pattern. Can you show us, which attacks are involved? 

  • 0 in reply to LuCar Toni

    Hi folks,

    I used to receive that report a lot until I cleaned up my DNS on the XG. 

    Do you means this

    Attack : SERVER-WEBAPP Lets Encrypt SSL certificate issuer detected

     

    Ian

  • 0 in reply to LuCar Toni

     

    Looks like a very large majority of them are in fact the Lets Encrypt cert.  

     

    Edit: This may be cause for another one of my issues.. I can no longer access my internally hosted websites. I get certificate invalid complaints. Would these "attack" reports also break my website hosted with a certbot generated LetsEncrypt cert? 

     

    Edit: nevermind on the above edit.. The problem seems to be that my domain no longer looks for the LetsEncrypt certificate and instead complains that the certificate is wrong. It is sending the sophosappliancecertificate CA.