Any experience with an excessive number of ThunderVPN hits?

I recently set up a new XG firewall at our main branch location in order to assist with IPS and application control service.   I am currently using the "Block high risk (Risk Level 4 and 5) apps" setting for app control.

What I am noticing is a large amount of ThunderVPN hits on our network, and I'm at a bit of a loss on what could be causing this traffic.  I'm glad they are being blocked, but I wanted to see if anyone had any experience with this and what might be utilizing this service.

Our entire network consists of Dell workstations and the traffic is coming from various IP addresses, not just one machine.

Thanks in advance for any information!



This thread was automatically locked due to age.

Top Replies

  • Confirmed latest pattern update 18.18.62 appears to have resolved the issue, "offending" services have been re-enabled and no further hits in the logs (possibly since the previous update on 12th Oct?). Providing further details for the Labs seems pointless now as issue is no longer occurring.
    It would be interesting to know what and why this was happening as on paper some dubious Android VPN service shouldn't be confused with a simple NTP request...?

  • Check the current IPS Pattern and verify, if the issue is resolved. Feel free to report back.


  • It seems to be working as expected again.

    I'll keep monitoring but for now all seems fine.

     
    SFVH (SFOS 19.5.1 MR-1-Build278)  - Last (re)boot on February 20 2023
    Asus H410i-plus - Pentium 6605 Gold - 250GB M.2 PCIe NVMe SSD - 8GB - 3 ports
    [If any of my posts are helpful to you please use the 'Verify Answer' link]