I have a watchguard firewall which has served well so far. After close monitoring it appears that one of our Vcentre servers is sending requests to an external website. This should not be happening as far as i am aware. I have copied the firewall log below but need to know how i find out from the actual vcentre where this traffic request is coming from and how to stop it.
2011-12-16 10:19:37 Deny 'ip of vcentre1' 126.96.36.199 http/tcp 60799 80 vlan1 0-External blocked sites 52 127 (Internal Policy) proc_id="firewall" rc="101" tcp_info="offset 8 S 3023457499 win 32" Traffic
I have blocked 188.8.131.52 as it is unknown to me, but would like to stop the server from sending the request altogether.
I am currently using Mcafee and all DAT's are up to date on this vcenter.