Traffic from unknown applications accounts for a large proportion of all traffic. Does this occur because Cloud Firewall cannot identify the applications that generate traffic on the Internet?
- A large amount of traffic is generated from the Internet and the traffic does not comply with standard protocols. Therefore, Cloud Firewall cannot identify the traffic type.
- The destination server blocks network traffic and returns a large number of RST packets. These packets are carried in the inbound or outbound traffic, which causes a large proportion of traffic from unknown applications.
- Unknown application types on the Internet Access page
- Unknown applications in the Rankings of Visits by Traffic section on the All Access Activities page
Why is there a large proportion of traffic with unknown ISPs on the All Access Activities page under Traffic Analysis?
This occurs because a large amount of inbound traffic comes from regions outside China. Cloud Firewall marks the ISPs of such traffic as unknown. To view the regions and ISPs of specific IP addresses, choosein the left-side navigation pane.
What are the meanings of the tags of domain names on the Outbound Connections page?
- New: Cloud Firewall identifies a domain name for the first time.
- Periodic: Your assets periodically communicate with a domain name or destination IP address.
- Malicious download, Ore pooled, or Threat Intelligence: Cloud Firewall considers the outbound connection risky. Check whether the risk exists. If the risk exists, we recommend that you configure an access control policy. For more information, see Outbound and inbound traffic control on the Internet firewall.
- Popular website: A domain name is frequently accessed by your server or business.