We did an upgrade to our entire Sentinel to version and after
the upgrade we do upgraded the collector/connectors to they last
versions. After a while we noticed that the Cisco Firewall Collector is
swapping the SourceIp with the TargetIp(at least for some events of type
305005). Furthermore in the ExtendedInformation tag the Source Interface
Name is OUTSIDE when it should be INSIDE. For example the Message = "No
translation group found for tcp src INSIDE:172.x.x.x/3778 dst
OUTSIDE:173.x.x.x/1500" it shows in SourceIp = 173.x.x.x and TargetIp =
The ExtendedIformation = {"Source Interface Name":"OUTSIDE","Destination
Interface Name":"INSIDE"}

We didn't find any bug related to this, can someone help us to solve
this issue ?

Viki Dusnoki

vdusnoki's Profile: https://forums.netiq.com/member.php?userid=5728
View this thread: https://forums.netiq.com/showthread.php?t=49642