Firewall missing traffic
-
Hi everyone.
I've a question and I'm out of ideas and need your help!
To start, here is the environment and the network flow:
- traffic comes from the internet to the pfsense WAN interface, and I've set a rule there to allow all traffic to one specific host XX (and I'm logging traffic)
- the server where traffic comes in behind NAT and this traffic goes to host XX as mentioned
Now, host XX also has a hardware firewall, and here is the problem:
- the hardware firewall detects some traffic as suspicious/intrusion prevention, but this traffic I don't see in the pfsense traffic - why?
Example of this kind of traffic seen by host XX / hardware firewall:
time: 2017/03/03 10:55:27
src: 83.136.83.234, 443
dst: HOST XX, 18283
TCP scanned port list, 23110, 48846, 14554, 61720, 33472
Sometimes traffic like that is logged in pfsense, sometimes it's not. Any ideas?
-
Now, host XX also has a hardware firewall, and here is the problem:
- the hardware firewall detects some traffic as suspicious/intrusion prevention, but this traffic I don't see in the pfsense traffic - why?
Ask the unknown firewall vendor. Really totally OT here.
-
So you suspect this hardware firewall could log some traffic that comes through pfsense but that traffic is not logged on pfsense, but it's there?