Hi,
We're frequently seeing alerts like "The number of TCP connections per minute from a specific source IP address exceeded the configured limit". Since our users connect to the proxy from Remote Desktop Servers (Citrix), I've already added those IPs to the Flood Mitigation exceptions list and raised the threshold for exceptions.
After investigating a few of these alerts, I'm seeing an extremely large number (over 10,000 per minute) of SSL connections to hosts in the drip.trouter.io domain (e.g. 193-149-88-182.drip.trouter.io). This domain seems to belong to Microsoft; does anyone know what is triggering these connections and why? It seems like an unnecessary strain on the TMG servers.
Best regards,
Enrico Klein
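The triage the post describes (per-source connections per minute, an exceptions list with a higher threshold, then a look at which destinations a flagged source is talking to) can be reproduced offline against exported proxy logs. The following is an added example, not code from the original post or from TMG; the log layout, IPs and timestamps are constructed and simplified, not TMG's actual log format.

```python
"""Reproduce a per-source connection-rate alert and find the hosts behind it."""
from collections import Counter
from datetime import datetime

# Constructed sample in an assumed layout: "<ISO timestamp> <client IP> <destination host> <port>".
# 10.0.0.9 stands in for a Citrix server that is on the exceptions list.
SAMPLE_LOG = """\
2013-05-07T09:00:01 10.0.0.5 193-149-88-182.drip.trouter.io 443
2013-05-07T09:00:02 10.0.0.5 193-149-88-182.drip.trouter.io 443
2013-05-07T09:00:05 10.0.0.5 www.example.com 443
2013-05-07T09:00:06 10.0.0.9 mail.example.com 443
2013-05-07T09:00:07 10.0.0.9 www.example.com 443
2013-05-07T09:00:08 10.0.0.9 193-149-88-182.drip.trouter.io 443
2013-05-07T09:01:03 10.0.0.5 193-149-88-182.drip.trouter.io 443
"""


def parse(log_text):
    """Return (minute bucket, source IP, destination host) tuples, skipping blank lines."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port = line.split()
        minute = datetime.fromisoformat(ts).strftime("%Y-%m-%d %H:%M")
        records.append((minute, src, dst))
    return records


def connections_per_minute(records):
    """Count connections per (minute, source IP): the quantity the flood alert measures."""
    return Counter((minute, src) for minute, src, _dst in records)


def flood_alerts(counts, default_limit, exceptions, exception_limit):
    """Sources over their limit; exception-list hosts get the raised threshold instead."""
    alerts = []
    for (minute, src), n in sorted(counts.items()):
        limit = exception_limit if src in exceptions else default_limit
        if n > limit:
            alerts.append((minute, src, n, limit))
    return alerts


def top_destinations(records, src_ip, n=3):
    """Most-contacted destination hosts for one source: the step that surfaced drip.trouter.io."""
    return Counter(dst for _m, src, dst in records if src == src_ip).most_common(n)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for minute, src, n, limit in flood_alerts(connections_per_minute(recs), 2, {"10.0.0.9"}, 3):
        print(f"{minute} {src}: {n} connections (limit {limit}) -> {top_destinations(recs, src)}")
```

The limits here are tiny so the constructed sample triggers an alert; against real exports use the configured per-minute values and the real exceptions list.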