Firewall Traffic flagged as unknown-tcp using port 31200

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firewall Traffic flagged as unknown-tcp using port 31200

L1 Bithead

Hello,

Seeing some traffic for Unknown-tcp using port 31200. I'm in the process of refining our firewall rules to be more granular and for this current rule has an any app on any service applied with no restrictions. Trying to see what I can create for this particular traffic in a separate rule. 
Is there a way to determine what this is exactly? Or ideas on how to add this traffic to a new rule without causing issues? It is allowed traffic as it stands in the general rule we have. 

 

Thank you for any insights/help!

1 REPLY 1

Community Team Member

Hi @JasonFerris ,

 

That looks like it might be a non-standard port used by internal/custom apps.  I would take a look at the source and destination IP addresses then reaching out to the developers or app owners responsible for those systems. They will likely have the best insight onto what application is running on that port. Once identified and you understand the traffic traversing your firewall, you can consider creating a security policy with a custom App-ID. 

Now if you want to safely clean up this policy in the mean time, you can create a security policy above the any-any rule that you have. In this new rule, set the service port to tcp 31200 and leave the application as any. 

 

Hope this helps! 

LIVEcommunity team member
Stay Secure,
Jay
Don't forget to Like items if a post is helpful to you!

Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
  • 386 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!