https://community.checkpoint.com/t5/Firewall-and-Security-Management/SAM-block/m-p/152695#M71579 <P>This may be a pre Infinity SOC question, but I didn't see a category for smart event.</P> <P>RFE, it would be nice if a SAM block told you somewhere what event in smart event triggered it.&nbsp; &nbsp;So, you could make an exception there instead of a global exclusion.&nbsp; That being said why is my gateway using port 80 (http) to contact Akamai technologies all the time?&nbsp; &nbsp;What smart event protection could be the culprit here?&nbsp; &nbsp;</P> <P>The source is actually my gateway itself, R81.10 JHF55.</P> <P>&nbsp;</P> <P>Id: ac160028-44a6-3813-62cc-1f3ae3b30004<BR />Marker: @A@@B@1657541940@C@1486467<BR />Log Server Origin:&nbsp;<BR />Time: 2022-07-11T13:01:46Z<BR />Interface Direction: outbound<BR />Interface Name: eth17<BR />Id Generated By Indexer:false<BR />First: true<BR />Sequencenum: 83<BR />Source:&nbsp;<BR />Source Port: 48508<BR />Destination: 104.71.130.75<BR />Destination Port: 80<BR />IP Protocol: 6<BR />Message Information: SAM rule<BR />Action: Reject<BR />Policy Name: policy<BR />Policy Management: 1<BR />Db Tag: {12D898E0-1EC0-BB45-9928-AB3A4B9A15B3}<BR />Policy Date: 2022-07-06T20:09:36Z<BR />Blade: Firewall<BR />Origin:&nbsp;<BR />Service: TCP/80<BR />Product Family: Access<BR />Logid: 1<BR />Interface: eth17<BR />Type: Connection, Alert</P> Mon, 11 Jul 2022 20:12:49 GMT Daniel_Kavan 2022-07-11T20:12:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SAM-block/m-p/152695#M71579 <P>This may be a pre Infinity SOC question, but I didn't see a category for smart event.</P> <P>RFE, it would be nice if a SAM block told you somewhere what event in smart event triggered it.&nbsp; &nbsp;So, you could make an exception there instead of a global exclusion.&nbsp; That being said why is my gateway using port 80 (http) to contact Akamai technologies all the time?&nbsp; &nbsp;What smart event protection could be the culprit here?&nbsp; &nbsp;</P> <P>The source is actually my gateway itself, R81.10 JHF55.</P> <P>&nbsp;</P> <P>Id: ac160028-44a6-3813-62cc-1f3ae3b30004<BR />Marker: @A@@B@1657541940@C@1486467<BR />Log Server Origin:&nbsp;<BR />Time: 2022-07-11T13:01:46Z<BR />Interface Direction: outbound<BR />Interface Name: eth17<BR />Id Generated By Indexer:false<BR />First: true<BR />Sequencenum: 83<BR />Source:&nbsp;<BR />Source Port: 48508<BR />Destination: 104.71.130.75<BR />Destination Port: 80<BR />IP Protocol: 6<BR />Message Information: SAM rule<BR />Action: Reject<BR />Policy Name: policy<BR />Policy Management: 1<BR />Db Tag: {12D898E0-1EC0-BB45-9928-AB3A4B9A15B3}<BR />Policy Date: 2022-07-06T20:09:36Z<BR />Blade: Firewall<BR />Origin:&nbsp;<BR />Service: TCP/80<BR />Product Family: Access<BR />Logid: 1<BR />Interface: eth17<BR />Type: Connection, Alert</P> Mon, 11 Jul 2022 20:12:49 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SAM-block/m-p/152695#M71579 Daniel_Kavan 2022-07-11T20:12:49Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/SAM-block/m-p/152737#M71580 <P>The Management space with a SmartEvent label would be the right classification.</P> <P>I suspect these reaches out to port 80 from the gateway are the gateway checking in with ThreatCloud and the like.<BR />Yes, we do use Akamai as a CDN for these services.&nbsp;<BR />More details in sk83520.<BR /><BR /></P> Mon, 11 Jul 2022 20:15:08 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/SAM-block/m-p/152737#M71580 PhoneBoy 2022-07-11T20:15:08Z