Appliance Access denied? What does it really mean?

Hi all, I want to ask about the log Comp = Appliance Access denied in the log viewer. We currently have a lot of Appliance Access in the log viewer. I read an article that said it is just a dropped broadcast packet from internal (LAN) and external (WAN), but if that were the case, why would it be called "Appliance Access"?

I just want to know if it is actually something I need to worry about, or is it normal?

NB:
We have Sophos XGS 3300 & XGS 4300 and both are showing the same log.



  • Appliance Access in general is traffic going to the interface, which the appliance has no rule for.

    So it could be broadcast (traffic to the entire network) which hits the appliance as well and gets dropped. It could be WAN traffic going to your appliance. 


  • Yes, this is a generic message from the firewall (appliance) meaning "A packet arrived and was apparently meant for me -- there were no rules or routes that would send it elsewhere -- and I do not have any valid service expecting such a packet."

    So it includes things like "port scans" from the WAN (trying to connect to ports on the WAN port and public IP of the appliance that are not forwarded via some mechanism), broadcast traffic (at least on a guest network with client isolation), and so on. There's a slightly different category called "Invalid Traffic" which is usually the result of a connection between WAN and internal machine that was closed but the WAN end still tried to use it. In this case, I do not think it's considered Appliance Access.

    I have a report I do that lists all of these by port and protocol, just to get a feel for what are popular targets in the wild. Basically I see a port scan about every 10 seconds or so. (Not a big-time target.)
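
A sketch of the kind of per-port, per-protocol report mentioned in the reply above, as an added example that is not part of the original thread and not Sophos code. The key=value field names (`log_component`, `log_subtype`, `protocol`, `dst_ip`, `dst_port`), the `LOCAL_NETS` value and the sample lines are assumptions constructed for illustration; adjust them to the log format the appliance actually exports.

```python
import ipaddress
import re
from collections import Counter

# Assumption: internal networks behind the appliance (hypothetical value).
LOCAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

# Constructed sample lines in key=value syslog style, not real appliance output.
SAMPLE_LOG = """\
log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" src_ip=198.51.100.7 dst_ip=203.0.113.10 protocol="TCP" src_port=51544 dst_port=23
log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" src_ip=198.51.100.8 dst_ip=203.0.113.10 protocol="TCP" src_port=40022 dst_port=23
log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" src_ip=192.168.10.25 dst_ip=192.168.10.255 protocol="UDP" src_port=137 dst_port=137
log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" src_ip=192.168.10.31 dst_ip=255.255.255.255 protocol="UDP" src_port=68 dst_port=67
log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" src_ip=198.51.100.20 dst_ip=203.0.113.10 protocol="TCP" src_port=443 dst_port=50311
log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" src_ip=198.51.100.9 dst_ip=203.0.113.10 protocol="ICMP"
"""

PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes."""
    return {k: (inner if raw.startswith('"') else raw)
            for k, raw, inner in PAIR.findall(line)}

def is_broadcast(dst_ip):
    """True for the limited broadcast or a local subnet's broadcast address."""
    addr = ipaddress.ip_address(dst_ip)
    return (addr == ipaddress.ip_address("255.255.255.255")
            or any(addr == net.broadcast_address for net in LOCAL_NETS))

def report(lines):
    """Count Appliance Access denials by (kind, protocol, dst_port)."""
    counts = Counter()
    for line in lines:
        ev = parse_line(line)
        if ev.get("log_component") != "Appliance Access":
            continue  # e.g. "Invalid Traffic" is a separate category
        if ev.get("log_subtype") != "Denied" or "dst_ip" not in ev:
            continue
        kind = "broadcast" if is_broadcast(ev["dst_ip"]) else "directed"
        # ICMP lines carry no port, so fall back to "-"
        counts[(kind, ev.get("protocol", "?"), ev.get("dst_port", "-"))] += 1
    return counts

if __name__ == "__main__":
    for (kind, proto, port), n in report(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:4d}  {kind:9s} {proto}/{port}")
```

Splitting the counts into broadcast and directed rows separates routine LAN noise from packets addressed to the appliance itself, which are the two cases the replies describe.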
