Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 92 replies
  • Subscribers 44 subscribers
  • Views 11265 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Any experience with an excessive number of ThunderVPN hits?

ARandomHerdFan

I recently set up a new XG firewall at our main branch location in order to assist with IPS and application control service.   I am currently using the "Block high risk (Risk Level 4 and 5) apps" setting for app control.

What I am noticing is a large amount of ThunderVPN hits on our network, and I'm at a bit of a loss on what could be causing this traffic.  I'm glad they are being blocked, but I wanted to see if anyone had any experience with this and what might be utilizing this service.

Our entire network consists of Dell workstations and the traffic is coming from various IP addresses, not just one machine.

Thanks in advance for any information!



This thread was automatically locked due to age.
Parents
  • 0

    The issue is under review of Sophos Labs. 

  • 0 in reply to LuCar Toni

    I have the same problem with detection as "Thunder VPN", however, it happens to me with HCL Notes clients, which normally communicate only via port 1352. Due to the fact that "Thunder VPN" is also blocked in the application control, I have massive problems with the Notes clients, partly because of this error no attachments can be saved from the e-mails or mail boxes can not be opened, because the connection breaks. I have now temporarily allowed "Thunder VPN" in the application control, so the problems are gone for now, but this can only be a workaround. I hope that this bug will be fixed as soon as possible.

  • 0 in reply to Daniel Baumgärtel

    I have disabled IPS and application testing on all my internal rules that were causing this error. Interestingly the NTP does not suffer this issue when accessing external NTP servers.

    Ian

Reply Children
No Data