Starting today the FW started logging the below traffic. I have pages of this. The origin is the astaro box the destination is another firewall that sits infrom of a lan. The set up looks like this.
Internet Astaro fw dmz switch internal FW
The source port is the proxy port the destination ports are all in the 16ks. The header is either 40 or in the 1300's
Does anyone have a guess as to what this may be. Again this type of traffic, at least the volume, is new. btw This traffic is blocked
11:20:03 10.10.10.1 8080 -> 10.10.10.2 16704 TCP 40 64 DF WINDOW=6432 RES=0x00 ACK PSH FIN URGP=0
11:20:18 10.10.10.1 8080 -> 10.10.10.2 16699 TCP 40 64 DF WINDOW=6432 RES=0x00 ACK PSH FIN URGP=0
11:20:23 10.10.10.1 8080 -> 10.10.10.2 16708 TCP 1324 64 DF WINDOW=6856 RES=0x00 ACK PSH FIN URGP=0
11:20:23 10.10.10.1 8080 -> 10.10.10.2 16706 TCP 1332 64 DF WINDOW=6864 RES=0x00 ACK PSH FIN URGP=0
Thanks in advance
This thread was automatically locked due to age.
