Dear all,
I saw a lot of dropping (TCP by rule 0; reason: unknown established TCP packet) in my log since yesterday--all send by one of my mail servers to the rest of my FWs. Also, it uses the same s_port: 1097/1074. Since my mail server works fine (no particular activity going on as before), I wonder if this is some kind of illegal activities to my network. Could someone give me some ideas about this? I really appreciate any help. Thanks in advance.
Best Regards,
Chi-lien Lee
