Sonicwall consuming and generating packets from WAN instead of forwarding
KyleL Newbie ✭
We have a client that has an on-prem Exchange server, one of their users kept getting their account locked due to incorrect credentials being entered into OWA. Usually, I would check the iis logs, find the ip address the request is coming from and block it. In this instance the source ip address in the iis logs is being reported as the LAN ip address of the SonicWall. Packet capture on the SonicWall shows the same, source ip address is the LAN IP of the SonicWall. Is this a configuration error in the fw? How do find the actual source ip address the traffic is being generated from?
Category: Entry Level Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
@KyleL , are you using Log Automation on the firewall to receive Alerts, Logs or Health Check e-mails? Check the mail server settings on the firewall.
Log automation is not configured, Mail Server field is $null
@KyleL to establish a baseline here, the traffic seen by your EXS originated from the Firewall is HTTPS (tcp/443) traffic, because it's OWA related, right?
The only two reasons which come to my mind possibly causing this are: