Traffic shows up in the firewall log and it's on the same subnet 255.255.252.0 (192.168.10.111:515 192.168.8.24:51162). Any ideas why this would be happening or how to eliminate it? I can't notice a problem other than about 3 times a minute a new log entry is created as blocked.
255.255.252.0 (192.168.10.111:515 192.168.8.24:51162)
The first bolded port number is a printer spooler service port. The second bolded port number is a random port above 1024 just to keep an established session on port 515, no need to worry about that. Do you have a print server or print sharing enabled on IP address 192.168.10.111 or 192.168.8.24?
Only way for that to show up like that is if it's destined to the MAC of the firewall, or broadcast. The latter is highly unlikely. Seems likely the 192.168.10.111 device has a wrong subnet mask on it so it's trying to send that traffic via the firewall, not recognizing 192.168.8 as local.
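A way to check the wrong-mask explanation from the last reply, as an added example that is not part of any post in the thread: it computes each host's on-link decision and lists which masks on 192.168.10.111 would make it treat 192.168.8.24 as remote. The gateway address 192.168.8.1 and the 255.255.255.0 mask on 192.168.10.111 are assumptions for illustration; the thread does not state either.

```python
import ipaddress

def next_hop(src_ip, src_mask, dst_ip, gateway):
    """Where src sends a packet for dst: dst itself if on-link, else the gateway."""
    local_net = ipaddress.ip_interface(f"{src_ip}/{src_mask}").network
    return dst_ip if ipaddress.ip_address(dst_ip) in local_net else gateway

def masks_that_detour(src_ip, dst_ip):
    """Prefix lengths (8-30) configured on src for which dst looks remote."""
    dst = ipaddress.ip_address(dst_ip)
    return [p for p in range(8, 31)
            if dst not in ipaddress.ip_interface(f"{src_ip}/{p}").network]

def audit(hosts, expected_mask, gateway):
    """hosts maps ip -> mask configured on that host.

    Returns (src, configured_mask, dst) for every pair that shares the
    intended subnet but whose traffic from src is handed to the gateway.
    """
    findings = []
    for src, mask in hosts.items():
        intended = ipaddress.ip_interface(f"{src}/{expected_mask}").network
        for dst in hosts:
            if dst == src or ipaddress.ip_address(dst) not in intended:
                continue
            if next_hop(src, mask, dst, gateway) == gateway:
                findings.append((src, mask, dst))
    return findings

# Addresses and the intended mask are from the thread.
INTENDED_MASK = "255.255.252.0"
GATEWAY = "192.168.8.1"              # assumed firewall address
HOSTS = {
    "192.168.10.111": "255.255.255.0",  # assumed misconfiguration
    "192.168.8.24": "255.255.252.0",
}

if __name__ == "__main__":
    for src, mask, dst in audit(HOSTS, INTENDED_MASK, GATEWAY):
        print(f"{src} (mask {mask}) sends traffic for {dst} to {GATEWAY}")
    detour = masks_that_detour("192.168.10.111", "192.168.8.24")
    print("prefix lengths on 192.168.10.111 that cause the detour:", detour)
```

Comparing the reported prefix lengths against the mask actually configured on 192.168.10.111 confirms or rules out this explanation.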