Unnecessary traffic on WMI Port

Reply
L3 Networker

Unnecessary traffic on WMI Port

Management interface generating unnecessary traffic on WMI Port... what could be reason??

 

Appliance: PA-5020

PAN-OS:8.1.11

L6 Presenter

Hi @Mohammed_Yasin  Do you have user-id agent configured in your environment ?

 

Mayur

Mayur S.
L3 Networker

Thanks for reply.... Yes, User-ID has configured

L6 Presenter

@Mohammed_YasinSo here suspecting  below points -

 

1. WMI Probing is enabled on user-id agent.

2. User Identification is enabled on untrust zone.

 

Can you please cross check these settings ?

 

Mayur

Mayur S.
L3 Networker

Let me brief, the Unnecessary traffic over management interface,

 

In Perimeter PA 5020

In Data Center Cisco ASA 5xxx

 

In the Cisco firewall logs, the traffic sources are PA Management IP and Destination is Cisco management IP and attempt on port 135.

image001 (3).png

Attachment of logs

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!