Hi all,
Time to tune some TP Profile, so I'm going deep into some any-any rule to tune it.
I found some strange logs that I want to discuss with you:
1)
![image.png image.png](https://community.checkpoint.com/t5/image/serverpage/image-id/19195i41AC83A038C33C37/image-size/large?v=v2&px=999)
2)
![image.png image.png](https://community.checkpoint.com/t5/image/serverpage/image-id/19194iEEA71443CBBB79A8/image-size/large?v=v2&px=999)
1) Anti-bot is a known post-infection security feature; I assume that only traffic from internal to external is relevant for this blade... so, can you help me understand why anti-bot is triggered for traffic with source internet and destination FW external interface?
2) Anti-virus: it seems that the blade is saying "hey, internet IP is trying to reach you, but you are a site known to contain malware"... Am I wrong?
Thank you!