04-16-2013 08:04 AM - edited 03-11-2019 06:29 PM
I have a Web server in my DMZ. Periodically the server sends traffic with source tcp/80 and a random destination tcp port. Is this normal?
04-16-2013 08:10 AM
Hi,
Wouldn't this happen in any situation where the DMZ server is hosting Web/HTTP services to the outside world and someone was connecting to it and loading web page contents?
Do you have any log captures of the situation to share with us?
- Jouni
04-16-2013 09:10 AM
This sounds like normal behavior as long as there is a packet before the outbound packet from the outside host making a request to your web server on tcp/80. The random high port is the port the requester will listen on for the reply. A packet capture using the ASA packet capture wizard will let you see for sure.
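The check described in the reply above, as an added example that is not part of the original thread: it walks a list of packet records and separates the server's source-port-80 packets that answer an earlier inbound request from those with no matching request. The server address, the record layout and the sample packets are constructed assumptions, not data from the poster's ASA.

```python
from collections import namedtuple

# Assumed record layout: one tuple per packet exported from a capture.
Packet = namedtuple("Packet", "ts src sport dst dport flags")

SERVER_IP = "192.0.2.10"   # assumed DMZ web server address (documentation range)
SERVER_PORT = 80

# Constructed sample capture, not taken from the thread.
SAMPLE = [
    Packet(1.00, "198.51.100.7", 51514, SERVER_IP, 80, "S"),
    Packet(1.01, SERVER_IP, 80, "198.51.100.7", 51514, "SA"),
    Packet(1.02, "198.51.100.7", 51514, SERVER_IP, 80, "A"),
    Packet(1.05, SERVER_IP, 80, "198.51.100.7", 51514, "PA"),
    Packet(2.00, SERVER_IP, 80, "203.0.113.9", 40222, "S"),    # server-initiated SYN
    Packet(3.00, SERVER_IP, 80, "203.0.113.50", 33000, "PA"),  # no inbound request seen
]

def classify(packets, server_ip=SERVER_IP, server_port=SERVER_PORT):
    """Split the server's source-port-80 packets into replies and unsolicited ones."""
    requested = set()   # (client_ip, client_port) pairs that sent a SYN to the server
    replies, unsolicited = [], []
    for p in sorted(packets, key=lambda p: p.ts):
        inbound = p.dst == server_ip and p.dport == server_port
        outbound = p.src == server_ip and p.sport == server_port
        if inbound and p.flags == "S":
            requested.add((p.src, p.sport))
        elif outbound:
            # A bare SYN from the server opens a new connection; it is never a reply.
            if (p.dst, p.dport) in requested and p.flags != "S":
                replies.append(p)
            else:
                unsolicited.append(p)
    return replies, unsolicited

if __name__ == "__main__":
    ok, odd = classify(SAMPLE)
    print(f"{len(ok)} reply packets, {len(odd)} unsolicited")
    for p in odd:
        print(f"  check: {p.src}:{p.sport} -> {p.dst}:{p.dport} flags={p.flags} t={p.ts}")
```

A capture that starts in the middle of an established connection will miss the client's SYN, so packets from that connection show up as unsolicited; start the capture before the traffic of interest.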