2 Replies. Latest reply: May 9, 2014 1:22 AM by koala2k

    Alert Wrong Direction in Threat Analyzer




      Why are all GTI alerts showing as "Outbound" even when it is an external IP in the src IP field?


      Actually, I get the same issue with the P2P and DNS attacks, which display the wrong direction too.




      Message was edited by: koala2k on 4/30/14 1:11:17 AM CDT
        • 1. Re: Alert Wrong Direction in Threat Analyzer



          The "Inbound" and "Outbound" descriptions on your alerts come from the settings of your ports on the sensor. Go to Domain > Device List > Select SENSOR that is incorrectly labeling alerts > within the right-hand side of the screen now > Physical Device > Port settings > Select the port(s) that are incorrectly labeling. Within the window you now see, check the section 'Operating Mode' and see what your 'Port XX Connected to' drop-down is set to. If your port pair is inline, you only need to update 1; the other will update automatically.





          Message was edited by: tjaynes on 5/6/14 12:23:58 PM CDT
          • 2. Re: Alert Wrong Direction in Threat Analyzer

            Finally, it was found that multicast flooding occurred in the network switch; therefore the packets were entering the sensor's outbound port unexpectedly.

            Thank you!