Blocking notifications showing phantom source IP and phantom destination IP

edited June 2023 in Firebox - Other

Getting this notification for the last 2 months

Alarm Any.Deny-Trusted-2-Optional-py generated by device T15: Policy Name: Any.Deny-Trusted-2-Optional-00 Source IP Address: Source Port: 51687 Destination IP Address: Destination Port: 7680

I have a LAN with 3 computers permitted access to a file server on an optional network only on 3 SMB ports and on ports 80 and 443. Ports 80 and 443 are permitted only because Microsoft systems verify the validity mapped drives and shortcuts by attempting connections on 80 and 443 and I didn't want the workstations blocked because of this traffic.

There is no device with IP on the LAN and there is no device with IP on the optional network. Port 7680 is the Window Update delivery optimization port.

These alerts come every few days, but today there were about 10 alerts in a 30 minute period.


  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @swbca
    If an alarm log is being generated, it'll be based on a log that was displayed by the firewall. The notification would have been generated by the notification/alarm options on the "Any.Deny-Trusted-2-Optional" policy.

    A support file should show alarm logs in the alarm log file (in current_log.) If you're unable to find this traffic, I'd suggest opening a support case and one of our techs can assist.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.