Traffic Anomaly on one of the interfaces

Hello guys, I have a problem like this: one of the interfaces of Sophos UTM 9201-23 generates a flood of incoming traffic that sends my network into a block (see attachment).

So the question is: at the level of the logs and reports of the firewall, is there something that can help me understand what type of traffic this is and where these megabytes of data come from?

Obviously, I am also analyzing the web server that is located on VLAN 30 that is compromised.

Thank you for your help.


  • Web Protection>Application Control>Flow Monitor (for the appropriate interface)

    Command line: iftop, tcpdump
  • Frank, if you need more help with this, please edit your post, click on [Go Advanced] and replace your external link to imgur with a picture attached to your post.  I don't click on external links that I don't know.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA