02-26-2014 11:37 AM
We received notice from our ISP of flagged traffic coming from our firewall's internal ip address to many internet ip's via tcp 135. User ID is turned off on the public facing security zones. We are on PanOS 6.0.0
Anyone else seen this? I set a security policy blocking internet bound tcp 135 traffic from our firewall's management ip. Odd stuff.
02-26-2014 11:55 AM
Hello Sir,
Port 135 is for netbios. This will happen when user identification is enabled on the Untrust zone and the option to perform WMI/NetBios probing is enabled.
Please find below mentioned discussion for more information.
Firewall Sending NetBios Probe Packets from the Public Interface
Management Interface Traffic to Port 135
Re: strange connection from PA - help me please
Thanks
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
