I have 2 ASA5516-x active-Standby HA with Firepower services.
Since the Quarantine all users is working from his houses by anyconnect VPN.
So in the intrusion events, in the firepower, starts to report me too many Port Scans from the VPN pool address..
I cant realize if some applicattion is generating this because destination and source port showns as 0.
Only broadcast that appears in the real-time monitor of the ASA is NetBios with dest port 137.
any ideas how can i realize where this traffic from?
There is no information in the rule snort documentation.
Thanks for you help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: