Traffic from unknown applications accounts for a large proportion of all traffic. Does this occur because Cloud Firewall cannot identify the applications that generate traffic on the Internet?

Possible causes:
  • A large amount of traffic is generated from the Internet and the traffic does not comply with standard protocols. Therefore, Cloud Firewall cannot identify the traffic type.
  • The destination server blocks network traffic and returns a large number of RST packets. These packets are carried in the inbound or outbound traffic, which causes a large proportion of traffic from unknown applications.
Note: You can choose Log Audit > Traffic Logs or Log Audit > Event Logs in the left-side navigation pane to check the source and purpose of the traffic from unknown applications, and determine whether the traffic is normal.
You can view the details of unknown applications on the following pages in the Cloud Firewall console:
  • Unknown application types on the Internet Access page
  • Unknown applications in the Rankings of Visits by Traffic section on the All Access Activities page

Why is there a large proportion of traffic with unknown ISPs on the All Access Activities page under Traffic Analysis?

This occurs because a large amount of inbound traffic comes from regions outside China. Cloud Firewall marks the ISPs of such traffic as unknown. To view the regions and ISPs of specific IP addresses, choose Log Audit > Traffic Logs in the left-side navigation pane.

What are the meanings of the tags of domain names on the Outbound Connections page?

The tags are automatically added by Cloud Firewall based on the Internet information in domain names or destination IP addresses. The tags include New, Periodic, Malicious download, Popular website, Ore pooled, and Threat Intelligence.
  • New: Cloud Firewall identifies a domain name for the first time.
  • Periodic: Your assets periodically communicate with a domain name or destination IP address.
  • Malicious download, Ore pooled, or Threat Intelligence: Cloud Firewall considers the outbound connection risky. Check whether the risk exists. If the risk exists, we recommend that you configure an access control policy. For more information, see Outbound and inbound traffic control on the Internet firewall.
  • Popular website: A domain name is frequently accessed by your server or business.