I've started looking into configuring our Smoothwall box a bit more and one thing I have noticed is that in our logs we have a lot of IP as username entries. These usually coincide with 407 Authentication required codes. Looking deeper you can have a successful username and 200 code for a site and then 2 ip address and 407 codes. All of this is browser traffic so I don't understand why it wouldn't authenticate. Support are saying it is standard behaviour, but I'm not so sure.
Anyone seen anything like this before or had it?
Yep, ours does a similar thing from time to time. Are you using NTLM? If you go into the realtime system log you'll probably see bad handshakes every so often too and then "work around succeeded" and a new authentication login. I wouldn't worry about it!
There are currently 1 users browsing this thread. (0 members and 1 guests)