https://community.cisco.com/t5/web-security/wsa/m-p/4005376#M8922 <P>Hello&nbsp;<SPAN>&nbsp;<SPAN class="user-badges-list">&nbsp;</SPAN><SPAN class="UserName lia-user-name lia-user-rank-Beginner lia-component-message-view-widget-author-username"><SPAN class=""><A id="link_14" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://community.cisco.com/t5/user/viewprofilepage/user-id/56479" target="_self">ccg-security</A>,</SPAN></SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN><SPAN class="UserName lia-user-name lia-user-rank-Beginner lia-component-message-view-widget-author-username"><SPAN class="">TCP 445 is used for SMB communication. check if the WSA is trying to communicate with&nbsp;the AD. Is your AD on the outside?</SPAN></SPAN></SPAN></P> <P>&nbsp;</P> <P>Regards</P> <P>Shikha Grover</P> <P>PS: Please don't forget to rate and select as validated answer if this answered your question.</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 02 Jan 2020 01:43:34 GMT shgrover 2020-01-02T01:43:34Z https://community.cisco.com/t5/web-security/wsa/m-p/3946995#M8840 <P><BR />We would like to know why is that our WSA is communicatiing in public using 445?&nbsp;<BR /><BR /></P> Thu, 24 Oct 2019 14:44:39 GMT https://community.cisco.com/t5/web-security/wsa/m-p/3946995#M8840 ccg-security 2019-10-24T14:44:39Z https://community.cisco.com/t5/web-security/wsa/m-p/3947073#M8841 <P>The IP provided belong to apple -&nbsp;apple.parklogic.com</P> <P>&nbsp;</P> <P>So better look at console what device is try to communicated, Do you have any apple device in the network. ?</P> <P>&nbsp;</P> <P>here port information :</P> <P>&nbsp;</P> <P><A href="https://support.apple.com/en-is/HT202944" target="_blank">https://support.apple.com/en-is/HT202944</A></P> Thu, 24 Oct 2019 07:33:56 GMT https://community.cisco.com/t5/web-security/wsa/m-p/3947073#M8841 balaji.bandi 2019-10-24T07:33:56Z https://community.cisco.com/t5/web-security/wsa/m-p/3947316#M8843 <P>Hello Balaji,</P><P>&nbsp;</P><P>How can we&nbsp;l<SPAN>ook at console what device is try to communicated?</SPAN></P> Thu, 24 Oct 2019 13:22:23 GMT https://community.cisco.com/t5/web-security/wsa/m-p/3947316#M8843 ccg-security 2019-10-24T13:22:23Z https://community.cisco.com/t5/web-security/wsa/m-p/3947368#M8845 <P>Looging to WSA using SSH</P> <P>once you see below prompt follow same steps :</P> <P>&nbsp;</P> <P>&nbsp;&gt; grep</P> <P>&gt;1 (this is for access logs)</P> <P>&gt;45.79.222.138</P> <P>&gt; N</P> <P>&gt; N</P> <P>&gt; Y</P> <P>&gt; N</P> <P>&nbsp;</P> <P>then you can see real-time which IP address contacting that server.</P> <P>&nbsp;</P> <P>or you can also do report on GUI destination type IP address - 45.79.222.138</P> <P>&nbsp;</P> Thu, 24 Oct 2019 14:13:46 GMT https://community.cisco.com/t5/web-security/wsa/m-p/3947368#M8845 balaji.bandi 2019-10-24T14:13:46Z https://community.cisco.com/t5/web-security/wsa/m-p/4005376#M8922 <P>Hello&nbsp;<SPAN>&nbsp;<SPAN class="user-badges-list">&nbsp;</SPAN><SPAN class="UserName lia-user-name lia-user-rank-Beginner lia-component-message-view-widget-author-username"><SPAN class=""><A id="link_14" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://community.cisco.com/t5/user/viewprofilepage/user-id/56479" target="_self">ccg-security</A>,</SPAN></SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN><SPAN class="UserName lia-user-name lia-user-rank-Beginner lia-component-message-view-widget-author-username"><SPAN class="">TCP 445 is used for SMB communication. check if the WSA is trying to communicate with&nbsp;the AD. Is your AD on the outside?</SPAN></SPAN></SPAN></P> <P>&nbsp;</P> <P>Regards</P> <P>Shikha Grover</P> <P>PS: Please don't forget to rate and select as validated answer if this answered your question.</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 02 Jan 2020 01:43:34 GMT https://community.cisco.com/t5/web-security/wsa/m-p/4005376#M8922 shgrover 2020-01-02T01:43:34Z