03-03-2019 03:50 PM
I have a newly installed ISE 2.3 install in a DMZ and I am seeing attempts for my cluster to reach out to port 80 on this IP address 185.53.178.9. I can't tell if this is something I should expect from our node or if its safe to keep blocking it and move on with my life. I am trying to keep whats allowed out of the DMZ to a minimum of course and wanted to know if anybody else know the reason for this access request.
Thank you,
Solved! Go to Solution.
03-04-2019 02:51 AM
03-03-2019 06:04 PM
Doesn't look good at all
https://www.abuseipdb.com/whois/185.53.178.9
Where did you detect this? Coming from the ISE host(s) ?
03-04-2019 02:51 AM
03-04-2019 06:48 AM
I first found this while trying to watch my firewall logs for a new DMZ setup where we will have a stand alone ISE 2 node deployment for guest access only. So the goodness is this isn't a cluster that is inside my PROD network, its a new install on VM ware and it seems to be the only external connectivity that this cluster is making other than DNS requests. This traffic is currently blocked and has never been allowed to contect.
Maybe it's time for a TAC, thanks for the reply's
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide