we currently have several internal networks and in one of them internet access is very limited. An investigation with your recommended procedure has shown several blocked connections, for example to Apple servers. This behavior would be expected, but I did not find any clear indication that these are the port scans detected by the Firewall.
By a port scan I don't understand blocked traffic on port 443 for example, but it could be ment, because the second explanation in the column Message: "High activity of unallowed access from [...]" suggests that this is indeed the case. Secondly, I don't find any other event in the history that would be available in such a high number that it could be relevant.
Is there a way to resolve the number of events that were summarized in the counter or to compare them chronologically to the other log file of the history?
BTW: Did I overlook the possibility to add pictures to the posting or is this only possible with linked content from an external hosting? I also got the following message when I wanted to link the pictures: "Youe have entered a link to a website that the administrator does not allow links to"
I'm just a little surprised and apologize for the uncomfortable handling of the screenshots.
Thx & Bye Tom