Traffic between and

I'm getting a lot of traffic from source ip to destination in my logs.
All traffic is denied (Unhandled-External-Packet). I'm not using the 172.16 subnet on my internal network. I can't figure out why this traffic is being generated or where it is coming from. I get thousands of these entries every day.
Can anyone shed some light on this?

Best Answer

  • Options
    edited July 2023 Answer ✓

    The deny log message shows you the source and destination interfaces involved.

    "Unhandled-External-Packet" suggests that this is coming in from your external interface. is a multicast IP addr.

    If these deny log messages are sufficiently annoying, you can add an appropriate policy, set to denied, and set to not log.
    If you would like to do this, please post a sample deny log message for help in setting up the policy.


  • Options

    Do you have another piece of hardware between the external interface of your firebox and either the Internet or a WAN provided by an ISP?
    Sometimes these devices will send mulitcast traffic for monitoring purposes to see if you are still up and if anything has changed.

    It's usually something simple.

  • Options

    Thanks guys. I will go ahead and set up a deny policy.

Sign In to comment.