2 Replies. Latest reply: May 9, 2014 1:22 AM by koala2k

    Alert Wrong Direction in Threat Analyzer

    koala2k

      Hi,

       

      Why are all GTI alerts showing as "Outbound" even when there is an external IP in the src IP field?

       

      Actually, I get the same issue on the P2P and DNS attacks, which display the wrong direction too.

       


       

      Message was edited by: koala2k on 4/30/14 1:11:17 AM CDT
        • 1. Re: Alert Wrong Direction in Threat Analyzer
          tjaynes

          Koala,

           

          The "Inbound" and "Outbound" description on your alerts comes from the settings of your ports on the sensor. Go to Domain > Device List > Select the SENSOR that is incorrectly labeling alerts > within the right-hand side of the screen now > Physical Device > Port settings > Select the port(s) that are incorrectly labeling. Within the window you now see, check the section 'Operating Mode' and see what your "Port XX Connected to" drop-down is set to. If your port pair is inline, you only need to update one; the other will update automatically.

           

          v/r,

          tjaynes

           

          Message was edited by: tjaynes on 5/6/14 12:23:58 PM CDT
          • 2. Re: Alert Wrong Direction in Threat Analyzer
            koala2k

            Finally, it was found that multicast flooding was occurring in the network switch; therefore the packet was entering the sensor outbound port unexpectedly.

            Thank you!