Very often this type of rule triggers because the network hierarchy is not setup correctly or is missing some address space. I also make sure the RFC1918, multicast and locally administered IP space is listed in there and that takes care of a lot of it. Seems the default rules think all that traffic is to\from BOGON networks.
------------------------------
Frank Eargle
------------------------------
Original Message:
Sent: Mon August 17, 2020 06:04 AM
From: Ahmed ElHabashi
Subject: CRE issue
Hello All,
I have a issue when upgraded QR to last version i see CRE called Communication with a Potential Hostile IP Address (Flows) generate a lot of offenses with different applications, and because its flow when searching with Source IP in the Log Activity see the Log source is the Firewall and all session denied, any suggestions to how tune this CRE
Thanks
------------------------------
Ahmed ElHabashi
------------------------------