The following syslog is showing application "Torrent Clients P2P" for all of our IPSec Tunnel Interface traffic. This traffic between our IPSec and internal server is not Torrent traffic. How do I reclassify this properly in the Sophos XG V18?
date=2022-01-19 time=07:24:44 timezone="MST" device_name="REMOVED" device_id=REMOVED log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=12 fw_rule_id=245 nat_rule_id=0 policy_type=1 user_name="" user_gp="" iap=0 ips_policy_id=0 appfilter_policy_id=0 application=" Torrent Clients P2P" application_risk=5 application_technology="P2P" application_category="P2P" vlan_id="" ether_type=Unknown (0x0000) bridge_name="" bridge_display_name="" in_interface="xfrm1" in_display_interface="xfrm1" out_interface="PortB1" out_display_interface="PortB1" src_mac=REMOVED dst_mac=REMOVED src_ip=10.XXX.XX.XX src_country_code=R1 dst_ip=10.XX.XX.XX dst_country_code=R1 protocol="TCP" src_port=59162 dst_port=389 sent_pkts=25 recv_pkts=49 sent_bytes=5659 recv_bytes=52055 tran_src_ip= tran_src_port=0 tran_dst_ip= tran_dst_port=0 srczonetype="VPN" srczone="VPN" dstzonetype="LAN" dstzone="LAN" dir_disp="" connevent="Stop" connid="2343195968" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud=0
This thread was automatically locked due to age.
