getting traffic after the interface is down

cancel
Showing results for 
Search instead for 
Did you mean: 

getting traffic after the interface is down

L3 Networker

Hey guys hope you doing well I got a question I get a challenge one of my user getting traffic logs of NetBIOS by source Pvt IP from LAN to WAN the device from the source side is down the 2 Pvt IP still hitting the cleanup rule. The Policy is denied by the firewall but why do the traffic logs show the two source IP which is down from that side. is that any command to clear cache or something please help. and In-application is NetBIOS-ns.

4 REPLIES 4

Cyber Elite
Cyber Elite

@FarhanKoujalgi,

If you look at the detailed log information is the start_time actually associated with when these clients are known to be down? The logs are probably just session_end logs that are being generated after the firewall closes the session. 

Dear @BPry 

The interface from the source side is down so why am I getting logs of netbios hitting to deny rule 

I check the logs time by the time it's generated in a gap of 2 5 minutes.

if that side of a link is down then why the firewall show us a log of netbios

L3 Networker

The interface from the source side is down so why am I getting logs of netbios hitting to deny rule 

I check the logs time by the time it's generated in a gap of 2 5 minutes.

if that side of a link is down then why the firewall show us a log of netbios

Is this a single firewall or a cluster? I agree it does not make sense that there are logs when the interdace is down, but did you really rule out any possibility of this? Was the interface effectively down or did it maybe come back already or at least for a short time? Did you check what @BPry asked for - check the detailed logs to see the start time? Is it possible that the start time was prior to the interface down? Was there maybe an application change in the connection - the firewall allowed a few packets, then the interface went down, then anwer packets reached the firewall wan side and them the firewall was able to see netbios so the connection was denied.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!