Sure. Correct me if I'm wrong, but as is the signature will trigger if the strings
"connect " and ":" and "http" appear in a TCP stream on the WEBPORTS. In the case I investigated, it triggered on a backed connection to MS Outlook Web Access...what may have been an email from/to a developer. My thoughts are that if the "Connect tunnel" must always include a port (I honestly don't know the answer to that but it seems like a port would be required) then why can't we tighten up the regex as indicated?
We are looking into improving it to include the port but rather [0-9][0-9]?[0-9]?[0-9]?[0-9]? than [0-9]+ to make it more efficient. We however want to verify that this will not FP further so want to test it on some OWA traffic. Would it be possible to get some more information on this like a show event output of the packet?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...