Hi
We are the running Endpoint Client with the Firewall blade enabled.
When I go to Log Viewer, 99% of the logs is dropped multicast traffic from the Firewall blade.
This makes investigating the logs somewhat difficult as there are limited filtering options available.
Most of the multicast traffic is LLMNR port 5355 tcp and SSDP port 1900 udp.
I want to create a Noise Rule (i.e. Track to None) so this traffic does not appear in the logs.
Is it ok to create a block rule only on the ports as below? Note the source is Any
Can these ports be used by other services? And if they can then how would I create a Noisey Traffic Rule
We are running Endpoint in the cloud EPMAS (Endpoint Management As A Service). To create Endpoint Firewall rules for the Endpoint client I use SmartEndpoint.
There is no destination field in the Endpoint client Firewall as the destination will always be the workstation/laptop
Thus the reason for using ports/services.
239.255.255.250 is Simple Service Discovery Protocol (SSDP) port 1900 udp
Thanks
| User | Count |
|---|---|
| 6 | |
| 5 | |
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 |
Tue 18 Feb 2025 @ 02:00 PM (EST)
Why Adding SASE to Your Network Infrastructure is a Win-Win - AMERICASWed 19 Feb 2025 @ 10:30 AM (BRT)
Explore o Futuro da Segurança Cibernética com o Quantum Firewall R82 - BrasilThu 20 Feb 2025 @ 11:00 AM (EST)
Tips and Tricks 2025 #2 - Controlling Access to SaaS Apps with Harmony SASETue 11 Mar 2025 @ 06:00 PM (IST)
TechTalk: The Future of Browser Security: AI, Data Leaks & How to Stay ProtectedTue 18 Feb 2025 @ 02:00 PM (EST)
Why Adding SASE to Your Network Infrastructure is a Win-Win - AMERICASWed 19 Feb 2025 @ 10:30 AM (BRT)
Explore o Futuro da Segurança Cibernética com o Quantum Firewall R82 - BrasilThu 20 Feb 2025 @ 11:00 AM (EST)
Tips and Tricks 2025 #2 - Controlling Access to SaaS Apps with Harmony SASETue 11 Mar 2025 @ 05:00 PM (CDT)
Under the Hood: Configuring Site to Site VPN with Azure Virtual WAN and CloudGuard Network Security
