- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
New 443 traffic from Z3C
Just today, I saw our Z3C Teleworker gateway trying to hit 208.67.220.220 on TCP 443, which is being blocked by our firewall. Our firewall (Palo Alto) identified the application as "dnscrypt". A screen shot is attached.
Is this traffic a new requirement for the Z3C?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That is Cisco's DNS, do you have umbrella?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Take a look at this:
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cmr, we're not using umbrella.
alemabrahao, I looked through that (we had that document before we set up the firewall rules), but I didn't see anything for that specific destination or the application.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's a OpenDNS IP, Z3 is trying to resolve some name using this DNS. Someone probably configured it.
Please, if this post was useful, leave your kudos and mark it as solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you recently upgraded to a new major version, MX16 to MX17 for instance? What license mode is your org in? What device is the .1 source?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That was going to be my next comment....yes, I just upgraded it to MX18.107 from MX17.10.2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have this nightmare also. MX450 hubs trying to reach unknown destinations on AWS and/or IPs that are owned by Cisco. No one has a clue , and TAC can't tell me what it is since it's blocked.
But... I'm running a way older version that what you have.
