Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 196
  • Last Modified:

Over 90,000 new connections in last 24 hours - LAN or Firewall trouble?

I have two Sonicwall 3500 devices configured with HA. Over the last few days we have been experiencing some strange activity from the firewall(s). Yesterday they kept failing back and forth to each other and would take the network down temporarily if the second one would fail back to the first before the first was finished rebooting from the previous failover.

Also, the CPU cores 1,2, and 3 all were spiking up to 100% utilization if IPS was enabled. I disabled IPS for a few minutes, manually rebooted both devices, enabled IPS, and now the network seems ok.

However, what seems odd to me is that I reset the statistics on the Network -> WAN Failover & LB screen 24 hours ago. Now it is showing that it has just over 90,000 new connections, and over 2 million total connections. I'm watching this number grow as I type this. I only have around 75 machines on my network, so both of these numbers seem extremely high as if something is inside my network doing bad things.

I have virus protection on all my machines inside, and two rounds of virus protection (external email spam/virus filter and the IPS & Gateway AV on the Sonicwalls) so I am not sure how anything could have gotten through.

Does anyone have any ideas to track down the To and From for all these connections? We are a small company and do not have netFlow monitoring capabilities or a ViewPoint license.
1 Solution
You need to enable packet logging on the firewall to see what the traffic is.

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now