Why Would Both the Source and Destination Be External IPs in Firewall Logs



  • Hey, I'm trying to clean up my firewall logs. I notice that I'm seeing firewall logs that have both the source and the destination as external IPs. How is this possible/what does it mean?

    Side note: I have multi-WAN set up with VPNs.


  • LAYER 8 Global Moderator

    Well yeah - something talking to my wan publicIP, kind of a given that source would also be publicIP..

    Are you saying your seeing traffic on a local lan interface with dest public, and source that is not your local network?

    Could you show us where and what these log entries are that your concerned with..

    normal.png

    Those are hits on my wan - so yeah makes sense that both dest and source would be public.

    Are you seeing a public IP as dest that is not yours? What is the traffic exactly - its possible your seeing broadcast traffic on your ISP network?



  • Thanks for the response. It ended up being the WAN IP 😵


  • LAYER 8 Global Moderator

    hehehe ;) Glad you got it figured out.


Log in to reply