The FMC logged several events with two internal IPs initiating a connection to Hong Kong. The connection was blocked, no packets were logged, and when I drill down into the event there is no more information to tell me why these two IPs are trying to establish an outbound connection to Hong Kong.
I am just trying to figure out why this is happening.
What could be the issue?
Are you referring to the intrusion events or the connection events that you are receiving?
It is the connection events for an internal IP address that is initiating to Hong Kong. Thanks for the response.
Hi,
You can Edit Search on Analysis > Connections, and check the Table View of Connections for more info, as in what ports, protocol, etc. it was hitting.
Regards,
Aastha Bhardwaj
Rate if that helps!!!
Hello Sebrjohnson,
Have you been able to find which policy the specific connection event IP was hitting, and what other details and actions took place?
Regards
Jetsy