This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Firewall showing as attack source

Question
0

Sign in to vote

Hello,

We have setup ATA using lightweight gateways, with the central server located within Azure. From testing ATA using the ATA playbook we are not seeing the end client IP but the firewall. This attack client is on the network behind the firewall and non-domain joined, is there further windows event logs required to capture the end client IP.

Many Thanks

Friday, February 24, 2017 10:53 AM

Answers

0

Sign in to vote
To answer my own question.

This was a SNAT on the firewall masking the clients.
- Marked as answer by Hodgkinson Friday, February 24, 2017 8:23 PM
Friday, February 24, 2017 1:19 PM