Unnecessary traffic on WMI Port

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Unnecessary traffic on WMI Port

L4 Transporter

Management interface generating unnecessary traffic on WMI Port... what could be reason??

 

Appliance: PA-5020

PAN-OS:8.1.11

4 REPLIES 4

Cyber Elite
Cyber Elite

Hi @Mohammed_Yasin  Do you have user-id agent configured in your environment ?

 

Mayur

M

Thanks for reply.... Yes, User-ID has configured

@Mohammed_YasinSo here suspecting  below points -

 

1. WMI Probing is enabled on user-id agent.

2. User Identification is enabled on untrust zone.

 

Can you please cross check these settings ?

 

Mayur

M

Let me brief, the Unnecessary traffic over management interface,

 

In Perimeter PA 5020

In Data Center Cisco ASA 5xxx

 

In the Cisco firewall logs, the traffic sources are PA Management IP and Destination is Cisco management IP and attempt on port 135.

image001 (3).png

Attachment of logs

  • 2715 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!