Hello experts,
I have successfully installed Twingate on Docker on Synology NAS. However, since then, I get the following tons of alerts from firewall like the one below:
The following suspicious network event was dropped:
Event Type: Attempted User Privilege Gain
Signature: ET INFO Session Traversal Utilities for NAT (STUN Binding Response)
Severity: high
Source IP: <SOURCE IP>
Destination IP: <NAS IP>
Time: 2023-01-29 11:03:50 (GMT+01:00)
I’ve done some research and it seems that this alert is coming due to the fact that Twingate is constantly checking the NAT IP address:
"
Session Traversal Utilities for NAT STUN Binding Response
Session Traversal Utilities for NAT (STUN) is a protocol that serves as a tool for other protocols in dealing with Network Address Translator (NAT) traversal. It can be used by an endpoint to determine the IP address and port allocated to it by a NAT.
"
Do we have to open some ports on firewall ?
Thank you,
Marius