This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Traffic in UTM - there but not there per the logs...

I logged in to the UTM after getting back from an ice cream run. I noticed that there was a lot of bandwidth activity on all interfaces. (I did not think to see which direction it was going, and now it has "disappeared"). I opened the flow monitor and expanded unclassified and saw this:

I dug around the logs, but could not find this IP or that port. That port outgoing is NOT open.

UTM is up to date. (9.312-8)

What the heck is going on?

This thread was automatically locked due to age.

0 Coder68 over 10 years ago

If it makes any difference, I did all my searches for just today first. I found nothing and when to last 7 days.
Cancel
Vote Up 0 Vote Down

Cancel
0 Coder68 over 10 years ago

OK, the mysterious source of the data has been found. It is on the Frontier network and is due to my wife watching VOD. She must have left it running when we went for an ice cream run.

Frontier uses the router for the TV to allow the guide. The subnet for the TV is different then the "Internet" side of the router. That explains why it was not in my logs. Looking up the correct subnet fixes the issue.

Sophos really needs to work on the csv output of logs, and the formatting of those outputs...especially the firewall. They also need to add in some more reports and allow for the creation of custom reports!!
Cancel
Vote Up 0 Vote Down

Cancel