Hi There,   It’s unlikely the MX would switch things up out of nowhere—those devices tend to stick to their routines! Did you happen to schedule a firmware upgrade sometime in the past week? Or maybe there were some other tweaks made to the network recently? Oh, and one quick check—can the firewall still chat with the AD? I’d suggest kicking things off with an authentication attempt and running a PCAP toward the AD to see what’s up. Are we spotting that LDAP exchange? Does everything look happy and healthy? Let us know how it goes—we’re here to help! ... View more

Hi There! Vulnerability scanners often simulate traffic, including spoofing source IPs, to test network responses. It’s conceivable that your scanner at 10.20.18.47 is generating traffic with a spoofed source IP of 10.20.28.21 (the printer’s address) as part of its testing. The MX would log the spoofed IP in the event, but "View Client Details" would still point to the scanner’s real IP based on its MAC. You might want to review the scanner’s configuration or logs to see if it’s intentionally sending traffic from 10.20.28.21. Perhaps disconnect the scanner for a while and see if the logs are still there. ... View more