Top Connecting IP Address chart is not showing correct IP's - 10.0.13.7217
ES 500 just upgraded to 10.0.13. I noticed in the monitor dashboard, the top connecting IP was not familiar (we have a relay upstream from us that is usually top). When I searched the Investigate|Connection Logs, I could not locate that IP address. There were other IP's in the the range but not the IP address that was being shown as the top connecting IP. None of the listed IP's for the Top Connecting are in the Connection Logs. I searched our firewall logs for that IP, but there is no record of that address, or any other of the Top Connecting addresses.
I don't know if this existed in 10.0.12, but I just discovered it in 10.013. Is anyone else experiencing this?
I'll open a case after the holiday's if I'm not seeing any traction on this.
Craig_S Newbie ✭
With the help of BWC, I believe what is happening is that when it is a relayed email, the SonicWall ES 500 disregards the last IP for the Top Connections chart. For the chart, it will use the IP address of the hop before the last one. This is why I was unable to reconcile the IP addresses on the chart to the connections log. The chart was showing the senders IP (or sometimes the relay IP if there was multiple hops within the relaying company), but the log has the actual connection IP. So, when a large amount of email was received from one sender and was relayed, the sending IP showed up in the chart labeled "Top Connecting IP Addresses ", but the connection log had the IP address of the relay.
In reality, the Top Connection IP Addresses chart is more of a Top Senders chart. The Connection Log is just that. The chart shows the senders IP (usually) and the connection log shows the connection being made (in our case, almost always the relay IP).0
I posted this to the wrong forum; Mods please move to the email security appliance forum.