Hello all. I am extremely new to RockNSM, and have just completed my first build. I have some questions that, I’m hoping, you all can answer for me.
After installing RockNSM, my firewall started showing a lot of suspicious activity trying to leave my outside interface. The source of this traffic is my RockNSM server, which is why I’m so concerned about this. There are a lot of policy denies, based on a dynamic block policy I have configured at the FW. The denies are primarily to this IP address: 18.104.22.168. Among the suspicious IPs that are being forwarded from my gateway is 22.214.171.124. There are also five or ten IP addresses talking out on port 123, as well. I can provide more details, if needed.
I am shutting down my server for now, until someone that knows a lot more about RockNSM than I do can hopefully shine some light on this activity. Thank you!