Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Daniel_Kavan
Advisor

SAM block

This may be a pre Infinity SOC question, but I didn't see a category for smart event.

RFE, it would be nice if a SAM block told you somewhere what event in smart event triggered it.   So, you could make an exception there instead of a global exclusion.  That being said why is my gateway using port 80 (http) to contact Akamai technologies all the time?   What smart event protection could be the culprit here?   

The source is actually my gateway itself, R81.10 JHF55.

 

Id: ac160028-44a6-3813-62cc-1f3ae3b30004
Marker: @A@@B@1657541940@C@1486467
Log Server Origin: 
Time: 2022-07-11T13:01:46Z
Interface Direction: outbound
Interface Name: eth17
Id Generated By Indexer:false
First: true
Sequencenum: 83
Source: 
Source Port: 48508
Destination: 104.71.130.75
Destination Port: 80
IP Protocol: 6
Message Information: SAM rule
Action: Reject
Policy Name: policy
Policy Management: 1
Db Tag: {12D898E0-1EC0-BB45-9928-AB3A4B9A15B3}
Policy Date: 2022-07-06T20:09:36Z
Blade: Firewall
Origin: 
Service: TCP/80
Product Family: Access
Logid: 1
Interface: eth17
Type: Connection, Alert

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

The Management space with a SmartEvent label would be the right classification.

I suspect these reaches out to port 80 from the gateway are the gateway checking in with ThreatCloud and the like.
Yes, we do use Akamai as a CDN for these services. 
More details in sk83520.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events