Forum Discussion

Zero27351's avatar
Icon for Altostratus rankAltostratus
Apr 20, 2022

Portscan detected from f5 snatpool?

Hi Guys,

So we have a security incident in wich a portscan is detected coming from our f5 snatpool towards another specifiek machine. Is there any logging i can check to see from which machine the portscan was initiated? I am not f5 expert so bear with me please 🙂

Thank you.

3 Replies

  • Hello Zero27351.

    If the connection is currently active, you could check the connections table to figure out the origin.

    show sys connection ss-client-addr <SNAT_IP>