We have 2 SonicWalls, an NSA 3600 and a 4600.
The NSA 3600 WAN port is a direct fiber point-to-point VPN tunnel connection to the 4600.
This is how the site with the 3600 gets internet.
Syslog on the 3600 shows packets dropped from a Nestea/Teardrop attack from a public IP address:
15:30:08 Sep 27 | 1376 | Security Services | Alert | Nestea/Teardrop attack dropped | x.x.92.229, 80, X9 | 192.168.x.x, 60337 | tcp |
The syslog for the 4600 shows packets from this same IP dropped by the GEO filter, with the same private IP address of the WAN interface of the other SonicWall as source, and the public IP as destination.
12:30:22 Sep 27 | 1199 | Security Services | Geo IP Responder Blocked | Alert | Responder from country blocked: Responder IP:x.x.92.233 Country Name:xxx | 192.168.x.x, 41457, X9 | x.x.92.233 | 443 | zone | tcp |
How does traffic from this public IP...