6 Replies Latest reply on Aug 13, 2012 1:10 PM by jkeranen

    Firewall blocking traffic that up until last week was allowed

    jkeranen

      I am having problems with our sidewinder all of a sudden blocking traffic that up until late last Thursday worked fine.   It is an online banking site used by our finance people.  I have the banks subnet in my defense bypass group and that's all it's ever taken to get it to work.    Any ideas.   The traffic is now being flagged as a critical attack.  See below.   Thanks in advance for any assistance.

       

      2012-08-13 11:20:34 -0500 f_http_proxy a_aclquery t_attack p_major

      pid: 17197 logid: 0 cmd: 'httpp' hostname: nocgate1.humdev.com

      category: policy_violation event: ACL deny attackip: 10.128.105.46

      attackzone: internal application: <Unknown TCP> srcip: 10.128.105.46

      srcport: 1114 srczone: internal protocol: 6 dst_geo: US

      dstip: 208.66.22.78 dstport: 443 dstzone: external rule_name: Deny All

      cache_hit: 1 ssl_name: Exempt All reason: Traffic denied by policy.