Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1736
Views
0
Helpful
4
Replies

WSA

ccg-security
Level 1
Level 1

‎10-23-2019 11:05 PM - edited ‎10-24-2019 07:44 AM


We would like to know why is that our WSA is communicatiing in public using 445? 

Labels:
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎10-24-2019 12:33 AM

The IP provided belong to apple - apple.parklogic.com

 

So better look at console what device is try to communicated, Do you have any apple device in the network. ?

 

here port information :

 

https://support.apple.com/en-is/HT202944

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

ccg-security
Level 1
Level 1
In response to balaji.bandi

‎10-24-2019 06:22 AM

Hello Balaji,

 

How can we look at console what device is try to communicated?

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to ccg-security

‎10-24-2019 07:13 AM

Looging to WSA using SSH

once you see below prompt follow same steps :

 

 > grep

>1 (this is for access logs)

>45.79.222.138

> N

> N

> Y

> N

 

then you can see real-time which IP address contacting that server.

 

or you can also do report on GUI destination type IP address - 45.79.222.138

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

shgrover
Cisco Employee
Cisco Employee

‎01-01-2020 05:43 PM

Hello   ccg-security,

 

TCP 445 is used for SMB communication. check if the WSA is trying to communicate with the AD. Is your AD on the outside?

 

Regards

Shikha Grover

PS: Please don't forget to rate and select as validated answer if this answered your question.

 

 

0 Helpful
Customers Also Viewed These Support Documents