Event ID - PIX-5-415001

Message Code: PIX-5-415001
Severity: Notification
Description: internal_sig_id HTTP Tunnel detected - action tunnel_type from source_address to dest_address
Explanation: This message is issued when the http-map port-misuse command is configured and a tunnelling protocol is detected.
internal_sig_id: An internal "policy number" that developers can use to identify the specific policy that triggered the alert.
action: Contains either "Reset -" or "Drop -", depending on the user-configured action. If the action is "log", the null string "" is passed.
tunnel_type: Indicates which type of tunnelling protocol was detected.
source_address: The source address of the packet in which the tunnelling was detected.
dest_address: The destination address of the packet in which the tunnelling was detected.
User Action: The message indicates that a user was running a tunnelling protocol over HTTP. This may violate policy.
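The field layout above can be parsed for triage as in the following added example, which is not part of the original entry or Cisco's own tooling. It assumes the message arrives with a "%PIX-5-415001:" syslog prefix; the sample lines, tunnel type names and addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Assumed layout (prefix and spacing are assumptions, fields are from the entry):
# %PIX-5-415001: <internal_sig_id> HTTP Tunnel detected - [Reset - |Drop - ]<tunnel_type> from <src> to <dst>
MSG_415001 = re.compile(
    r"%PIX-5-415001:\s+(?P<internal_sig_id>\S+)\s+HTTP Tunnel detected -\s*"
    r"(?:(?P<action>Reset|Drop) -\s*)?"   # absent when the configured action is "log"
    r"(?P<tunnel_type>.+?)\s+from\s+(?P<source_address>\S+)"
    r"\s+to\s+(?P<dest_address>\S+)\s*$"
)

def parse_415001(line):
    """Return the message fields as a dict, or None for any other log line."""
    m = MSG_415001.search(line)
    if m is None:
        return None
    event = m.groupdict()
    # The null-string action means the event was only logged.
    event["action"] = event["action"] or "log"
    return event

def log_only_sources(lines):
    """Count tunnel detections per source that were logged but not reset or dropped."""
    counts = Counter()
    for line in lines:
        event = parse_415001(line)
        if event and event["action"] == "log":
            counts[event["source_address"]] += 1
    return dict(counts)

# Constructed sample input; tunnel type names and addresses are placeholders.
SAMPLE_LINES = [
    "Mar 03 10:15:02 fw1 %PIX-5-415001: 17 HTTP Tunnel detected - Reset - example_tunnel from 10.0.0.5 to 192.0.2.10",
    "Mar 03 10:15:09 fw1 %PIX-5-415001: 17 HTTP Tunnel detected - Drop - example_tunnel from 10.0.0.5 to 192.0.2.11",
    "Mar 03 10:16:40 fw1 %PIX-5-415001: 18 HTTP Tunnel detected - other_tunnel from 10.0.0.9 to 192.0.2.10",
    "Mar 03 10:17:01 fw1 %PIX-5-000000: unrelated message (constructed)",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_415001(sample))
    print(log_only_sources(SAMPLE_LINES))
```
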