Unwanted traffic originating at UTM

Hi, Klaus, and welcome to the UTM Community!

Search the Web Filtering log from yesterday for those two Apple IPs.  I bet you'll find it's one or more clients getting an update for Apple software.

Cheers - Bob

Hi Bob,

thanks for the quick answer.

That's what I also initially assumed, however the traffic seems to be initiated by the UTM itself, since there are about 1.2 Mbps going out of the external interface, but only a fraction of that is entering the internal interface (see screenshots). Is there a possibility to block traffic originating from the UTM itself?

Regards,
   Klaus.

I also am seeing this traffic, in my case it is a problem because my asymmetrical WAN connection is limited at 1.5Mbps, and this "doof" traffic is significantly more than any other outgoing traffic and I am getting frequent connection failures due to timeouts.

I also tried blocking it, trying first the easy way, using the block button on the interface flow monitor table, which created an application control rule that had no apparent effect.  I then attempted to block all traffic originating at WAN adress to the 7 Apple IP addresses in the flow monitor list, which was also ineffective.

Because this is a home network, and it isn't as easy to ignore family as it is users at work, I am hoping for some better definition of what and why this traffic is.  Is there detailed application definition information available somewhere? A little more detailed than the

General browsing and streaming games from online gaming site doof.

that is listed in the information in the Application Control list.  Especially since the description doesn't even give a URL and googling for doof gaming site is ambiguous at best.

Any clues?

Tim

I also am seeing this traffic, in my case it is a problem because my asymmetrical WAN connection is limited at 1.5Mbps, and this "doof" traffic is significantly more than any other outgoing traffic and I am getting frequent connection failures due to timeouts.

I also tried blocking it, trying first the easy way, using the block button on the interface flow monitor table, which created an application control rule that had no apparent effect.  I then attempted to block all traffic originating at WAN adress to the 7 Apple IP addresses in the flow monitor list, which was also ineffective.

Because this is a home network, and it isn't as easy to ignore family as it is users at work, I am hoping for some better definition of what and why this traffic is.  Is there detailed application definition information available somewhere? A little more detailed than the

General browsing and streaming games from online gaming site doof.

that is listed in the information in the Application Control list.  Especially since the description doesn't even give a URL and googling for doof gaming site is ambiguous at best.

Any clues?

Tim

I hoped I could get rid of this traffic by the last update of UTM9 (installed it on Wednesday), but after a while the same effect (over 1 Mbps of outgoing traffic to Apple IPs) took place, which resulted in disconnects of my IPTV and other problems :(. In the end, I replaced the UTM with my old Tomato router (WRT-54g), now everything is fine again (no Apple traffic, no disconnects).