Hi,
Currently I have the following setup:
ISP -> TO with Firewall -> second Hardware Firewall -> internal Network
If I look at the logfile of the 2nd Firewall I see quite a few threat attempts, sometimes DoS attacks etc. from the internet. E.g. today there was a DoS attack on the WAN port of the 2nd FW: source Port 80 TCP, destination Port 44156/44162/44163/44165 TCP (they were all closed on both FW). But the attack was not successful (touch wood). Port 80 TCP of TO is filtered but it seems that this port was involved.
TO has no usual open ports besides 8080 TCP, lord only knows why it is always open.
Honeypot function is not activated.
The TO Firewall setup is the factory version, I did not yet change anything since using it.
Why do these threat attempts reach the 2nd firewall at all? I assume that if the TO Firewall is working/set up correctly, the 2nd Firewall should be more or less bored and in idle mode but not under fire like it is. True or not?
Anything I can change in TO to fix this?
Thank you!