[AF] IPS protection client Medium IP Endpoint protection Logs security log

Problem Description

In the Security Logs, we see many entries that show external IP addresses attacking the internal network. The matched policy is the one that protects the customer's internal network from the external network.

Warning Info

Effective troubleshooting steps

This Trojan vulnerability rule is hit on the policy for the client's access to the server, so the actual source IP is the client's IP and the destination is the external network IP.
Rule logs for IPS endpoint protection, such as trojans and spyware, are recorded in reverse in the Security Logs display: the source IP is displayed as an external network address, which means that there are malicious servers on the external network that want to attack the infected computers on the internal network.
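
The following is an added example, not part of the original article and not Sangfor tooling: it re-orients exported endpoint protection entries back to the real traffic direction and lists the internal clients to investigate. The CSV column names, category labels, sample rows and internal address ranges are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample export; column names and values are assumptions,
# not the appliance's real log schema.
SAMPLE_LOG = """\
time,category,rule,src_ip,dst_ip
2024-01-01 10:00:01,trojan,constructed-trojan-rule,203.0.113.10,192.168.1.25
2024-01-01 10:00:07,spyware,constructed-spyware-rule,198.51.100.7,192.168.1.25
2024-01-01 10:01:30,trojan,constructed-trojan-rule,203.0.113.10,10.0.4.8
2024-01-01 10:02:00,web-attack,constructed-server-rule,203.0.113.99,192.168.1.80
"""

# Categories the article says are displayed with source and destination reversed.
REVERSED_CATEGORIES = {"trojan", "spyware"}
# Assumed internal ranges; replace with the site's own networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def actual_flow(row):
    """Return (source, destination) in the real traffic direction."""
    src, dst = row["src_ip"], row["dst_ip"]
    if row["category"] in REVERSED_CATEGORIES:
        src, dst = dst, src  # undo the reversed display
    return src, dst


def infected_hosts(log_text):
    """Map each internal client to the external servers it contacted."""
    hosts = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["category"] not in REVERSED_CATEGORIES:
            continue  # other rule types are displayed in their real direction
        client, remote = actual_flow(row)
        # Sanity check: after the swap the client must be internal, the server external.
        if is_internal(client) and not is_internal(remote):
            hosts[client].add(remote)
    return {host: sorted(remotes) for host, remotes in hosts.items()}


if __name__ == "__main__":
    for host, remotes in sorted(infected_hosts(SAMPLE_LOG).items()):
        print(host, "->", ", ".join(remotes))
```

The hosts it returns are the internal machines whose outbound connections matched a trojan or spyware rule, which is where cleanup should start.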

Root cause

Endpoint protection hits are recorded this way in the Security Logs display, which is normal.

Solution

Endpoint protection hits from IPS client protection are recorded this way in the Security Logs display, which is normal.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=1202&isOpen=true