Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 3 answers
  • Subscribers 31 subscribers
  • Views 1984 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Appliance Access denied ? What is really mean?

Brian Willy

Hi All i want to ask about log Comp = Appliance Access denied on log viewer, we currently having a lot of Appliance Access on log viewer i read some artical it said it just a droped broadcast packet form internal (LAN) and external (WAN) but if it was the case why would it be called "Applliance Access" ? 

i Just want to know if it actually something i need to worry about? or is it a normal ?

NB : 
We have Sophos XGS 3300 & XGS 4300 and both showing the sama log.



This thread was automatically locked due to age.
Parents
  • 0

    Appliance Access in General is traffic going to the interface, which the appliance has no rule for it. 

    So it could be broadcast (traffic to the entire network) which hits the appliance as well and gets dropped. It could be WAN traffic going to your appliance. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    what lucar describes may be what you see. cou could post a screenshot of thos appliance access logs in question.

    imagine windows clients in a subnet, looking for SMB shares automatically. they discover that by Port 137 and 445 broadcasts. those hit your firewall and the firewall has no port or service open for that traffic so it is denied and logged with that message.

    also attackers portscanning your XG WAN from external cause that logs.

Reply
  • 0 in reply to LuCar Toni

    what lucar describes may be what you see. cou could post a screenshot of thos appliance access logs in question.

    imagine windows clients in a subnet, looking for SMB shares automatically. they discover that by Port 137 and 445 broadcasts. those hit your firewall and the firewall has no port or service open for that traffic so it is denied and logged with that message.

    also attackers portscanning your XG WAN from external cause that logs.

Children
No Data
Unfiltered HTML