Hey guys, hope you're doing well. I've got a question. I have a challenge: one of my users is getting traffic logs of NetBIOS by source Pvt IP from LAN to WAN. The device on the source side is down, but the 2 Pvt IPs are still hitting the cleanup rule. The policy is denied by the firewall, but why do the traffic logs show the two source IPs which are down on that side? Is there any command to clear the cache or something? Please help. And the application is NetBIOS-ns.
Is this a single firewall or a cluster? I agree it does not make sense that there are logs when the interface is down, but did you really rule out any possibility of this? Was the interface effectively down, or did it maybe come back already, or at least for a short time? Did you check what @BPry asked for - check the detailed logs to see the start time? Is it possible that the start time was prior to the interface down? Was there maybe an application change in the connection - the firewall allowed a few packets, then the interface went down, then answer packets reached the firewall WAN side, and then the firewall was able to see netbios, so the connection was denied?