Hi
We are the running Endpoint Client with the Firewall blade enabled.
When I go to Log Viewer, 99% of the logs is dropped multicast traffic from the Firewall blade.
This makes investigating the logs somewhat difficult as there are limited filtering options available.
Most of the multicast traffic is LLMNR port 5355 tcp and SSDP port 1900 udp.
I want to create a Noise Rule (i.e. Track to None) so this traffic does not appear in the logs.
Is it ok to create a block rule only on the ports as below? Note the source is Any
Can these ports be used by other services? And if they can then how would I create a Noisey Traffic Rule
We are running Endpoint in the cloud EPMAS (Endpoint Management As A Service). To create Endpoint Firewall rules for the Endpoint client I use SmartEndpoint.
There is no destination field in the Endpoint client Firewall as the destination will always be the workstation/laptop
Thus the reason for using ports/services.
239.255.255.250 is Simple Service Discovery Protocol (SSDP) port 1900 udp
Thanks
| User | Count |
|---|---|
| 6 | |
| 5 | |
| 4 | |
| 3 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 2 | |
| 1 |
Thu 20 Feb 2025 @ 11:00 AM (EST)
Tips and Tricks 2025 #2 - Controlling Access to SaaS Apps with Harmony SASETue 04 Mar 2025 @ 04:00 PM (CET)
Check Point | WIZ : Powering the Next Era of Cloud Security - AMERICASTue 11 Mar 2025 @ 05:00 PM (CDT)
Under the Hood: Configuring Site to Site VPN with Azure Virtual WAN and CloudGuard Network SecurityThu 20 Feb 2025 @ 11:00 AM (EST)
Tips and Tricks 2025 #2 - Controlling Access to SaaS Apps with Harmony SASETue 04 Mar 2025 @ 04:00 PM (CET)
Check Point | WIZ : Powering the Next Era of Cloud Security - AMERICASTue 11 Mar 2025 @ 05:00 PM (CDT)
Under the Hood: Configuring Site to Site VPN with Azure Virtual WAN and CloudGuard Network Security
