Constant firewall blocking alerts

Everson
Everson W/ Member Posts: 23 Cyber Knight
in WithSecure Business Suite

Several computers on my network began to display the firewall blocking alert with the description of NMAP TCP scan, but all computers in NAT protected by a Security Gateway, and these attacks start from several remote addresses, some coming from google, amazon and akamai .

But I realized that these warnings started to appear after activating the DPI-SSL feature (Deep Packet Inspection of Secure Socket Layer) that
Inspect SSL traffic When the client is on the firewall's LAN, and accesses content located on the WAN.

 

Really I can be suffering an attack or F-Secure may be interpreting wrongly the DPI-SSL feature?

Comments

  • Ben
    Ben W/ Alumni Posts: 664 Cybercrime Crusader

    Hello Everson, 

     

    Could you tell us is Intrusion Prevention is enabled on your end-points?

    If so could you try disabling it to see if you still get alerts?

    See this article on this feature.

This discussion has been closed.

Categories