Troubleshooting a potential issue with Proxy attempting to access a Phishing site on port 80
To start troubleshooting please share:
The command to collect the PCAP collects the capture in real-time and the capture would let us see whether, or not, the Proxy gateway is actually attempting to connect to a Phishing site and on the port reported. As you share the capture, also share the URL for the suspicious Phishing site to which the Proxy is attempting to connect, as reported. This is very important, for the investigation to happen successfully. See the snippet below, for guidance on how the command may be run.
The machine status contains all of the fireglass logs, and more. Here we should see historical data as well as, backward before yesterday. Refer to the snippet below, for the execution.
When the above is done,