
If you wonder why all of your update sites fail, it is not just a matter of HTTPS scanning and web site categorization anymore ... "Could not associate packet to any connection" everywhere.

Hello everyone. I have noticed recently that all update sites fail on XG v17 MR6. Microsoft Updates, Google Chrome, PDQ Deploy. Name it. All of them. I have already posted about a "clean up rule" that can be on all firewalls in the galaxy, except Sophos. I am posting here another behavior no one can expect coming from another supplier's firewall. Below is a self-explanatory log for a "temporary update server" 10.31.10.135. Rule 1 is an any-any-any rule, i.e. allow everything. "Could not associate packet to any connection." happens once in a while on any firewall. 5 to 10% maybe? But XG v17 MR6 brings this to a whole new level at 90%. Besides the VPN that falls many times a day, this one is new (as far as I am concerned) with XG v17 MR6. By the way, Checkpoint does not behave as such: SPLAT, GAIA, or embedded GAIA. So, most likely, it is not a problem with our servers. Like they say, another day, another misery!!!

Time Log Comp Action Username Firewall Rule In Interface Out Interface Source IP Destination IP Source Port Destination Port Protocol Rule Type Message ID Live PCAP Message
2018-04-04 14:47 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 13.68.93.109 62738 443 TCP 1 1 Open PCAP
2018-04-04 14:47 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62668 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:47 Invalid Traffic Denied 0 Port1 10.31.10.135 52.84.96.66 62661 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:47 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62667 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:47 Firewall Rule Allowed admin@acme . c o m 1 Port1 Port2 10.31.10.135 208.111.183.38 62911 80 TCP 1 1 Open PCAP
2018-04-04 14:47 Firewall Rule Allowed admin@acme . c o m 1 Port1 Port2 10.31.10.135 208.111.183.38 62910 80 TCP 1 1 Open PCAP
2018-04-04 14:47 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62668 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:47 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62667 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:47 Invalid Traffic Denied 0 Port1 10.31.10.135 52.84.96.66 62661 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62668 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62667 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 52.84.96.66 62661 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62668 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 52.84.96.66 62661 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62667 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 52.84.96.66 62661 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62668 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62667 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62668 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 52.84.96.66 62661 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62667 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 52.84.96.66 62661 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62668 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62667 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 34.224.155.5 62743 443 TCP 1 1 Open PCAP
2018-04-04 14:46 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 65.55.163.222 62741 443 TCP 1 1 Open PCAP
2018-04-04 14:46 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 34.202.218.131 62739 443 TCP 1 1 Open PCAP
2018-04-04 14:45 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 65.55.163.222 62742 443 TCP 1 1 Open PCAP
2018-04-04 14:44 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 72.246.43.24 62694 80 TCP 1 1 Open PCAP
2018-04-04 14:43 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 13.78.168.230 62699 443 TCP 1 1 Open PCAP
2018-04-04 14:43 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 52.183.47.176 62697 443 TCP 1 1 Open PCAP
2018-04-04 14:43 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 40.77.232.92 62693 443 TCP 1 1 Open PCAP
2018-04-04 14:42 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 40.112.152.16 62683 443 TCP 1 1 Open PCAP
2018-04-04 14:42 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 40.112.152.16 62682 443 TCP 1 1 Open PCAP
2018-04-04 14:41 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 52.26.219.15 62689 443 TCP 1 1 Open PCAP
2018-04-04 14:41 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 72.21.91.29 62686 80 TCP 1 1 Open PCAP
2018-04-04 14:39 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 52.84.96.66 62661 80 TCP 1 1 Open PCAP
2018-04-04 14:37 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 52.84.95.35 62670 443 TCP 1 1 Open PCAP
2018-04-04 14:37 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 208.111.183.38 62668 80 TCP 1 1 Open PCAP
2018-04-04 14:37 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 208.111.183.38 62667 80 TCP 1 1 Open PCAP
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62545 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62545 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62545 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62545 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62545 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62545 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62545 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:32 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 52.26.219.15 62565 443 TCP 1 1 Open PCAP
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62473 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62474 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 208.111.183.38 62545 80 TCP 1 1 Open PCAP
2018-04-04 14:26 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 208.111.183.38 62544 80 TCP 1 1 Open PCAP
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62473 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62474 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62473 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62474 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62473 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62474 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62473 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62474 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62473 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62474 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62474 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62473 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:16 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62491 80 TCP 1 1 Open PCAP
2018-04-04 14:16 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62476 80 TCP 1 1 Open PCAP
2018-04-04 14:16 Invalid Traffic Denied 0 Port1 10.31.10.135 67.24.137.254 62451 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:16 Invalid Traffic Denied 0 Port1 10.31.10.135 69.192.18.179 62456 443 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:16 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62475 80 TCP 1 1 Open PCAP
2018-04-04 14:16 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62409 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:16 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62408 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 208.111.183.38 62474 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 208.111.183.38 62473 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62472 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62409 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62408 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 69.192.18.179 62456 443 TCP 1 1 Open PCAP
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62409 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62408 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 67.24.137.254 62451 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62409 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62408 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62471 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62409 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62408 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62409 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62408 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62409 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62408 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62470 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62468 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62467 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Firewall Rule Allowed sophosmanagement@granicor.local 30 Port1 10.31.10.135 207.34.231.64 62466 80 TCP 1 1 Open PCAP



  • Hi,

     

    Increase the default drop timeout value to 24 Hours.

    https://community.sophos.com/kb/en-us/131754

    But this will only clean up your log.

    I assume 99% of these drops are not related to any of your issues.

    Cheers

  • Hello

    Conntrack on a Checkpoint is 3600 seconds ... I understand that setting it at 86400 seconds (24 times more) may ease the log file, but it will not improve the firewall behavior. That said, I wonder how healthy or in line with best practices this could be. If you look at the log posted before, the last four lines are ok. After that, the VPN fails. And we lose the internet. Ping from the firewall anywhere - 8.8.8.8 for example - seems to re-establish the connection rapidly, but not reliably.

  • Hi,

    I have been investigating this issue regarding some of the updates to my Mac Book Pros. Some of the issues appear to be XG and DNS, but not sure how to identify where? I updated the timer as suggested in some earlier threads and that does not appear to have had any effect. My Mac Book Pro has been online for about 2 hours this morning and is dropping connections.

    Here is a thought, could be totally wrong but it is an idea anyway to investigate. I notice the site that is causing the dropped connections at this moment (no valid connections) has multiple IP addresses and I wonder if the XG is not capable of managing round robin answers from sites?

    Ian

  • Tonight I monitored some traffic, it seems that when HTTPS traffic goes within the VPN, everything falls for 15 to 25 minutes. Except the external connection to Teamviewer that's reliable all the time. We may be back to the VPN problems we had a few months ago.
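
An added example, not part of any post in this thread: a Python script that pairs each "Could not associate packet to any connection" drop with the earlier "Firewall Rule Allowed" row for the same 5-tuple and reports how many minutes after the allow the drops began, which is the figure to compare against the timeout discussed in the replies. The sample rows are excerpted from the log in the opening post; the function names `correlate` and `report` are assumptions of this example.

```python
import re
from datetime import datetime

# Rows excerpted from the log in the opening post (newest first, minute resolution).
SAMPLE = """\
2018-04-04 14:47 Firewall Rule Allowed 1 Port1 Port2 10.31.10.135 13.68.93.109 62738 443 TCP 1 1 Open PCAP
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62667 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:46 Invalid Traffic Denied 0 Port1 10.31.10.135 52.84.96.66 62661 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:39 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 52.84.96.66 62661 80 TCP 1 1 Open PCAP
2018-04-04 14:37 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 208.111.183.38 62667 80 TCP 1 1 Open PCAP
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:36 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62544 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
2018-04-04 14:26 Firewall Rule Allowed anyuser@acme . c o m 1 Port1 Port2 10.31.10.135 208.111.183.38 62544 80 TCP 1 1 Open PCAP
2018-04-04 14:15 Invalid Traffic Denied 0 Port1 10.31.10.135 208.111.183.38 62409 80 TCP 0 1001 Open PCAP Could not associate packet to any connection.
"""

ROW = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (Firewall Rule|Invalid Traffic) (Allowed|Denied)"
    r".*? (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) (\d+) (\d+) (TCP|UDP)\b"
)

def correlate(text):
    """Per flow: earliest allow time, earliest drop time, number of drop rows."""
    flows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line or a row in another format
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
        key = m.group(4, 5, 6, 7, 8)  # src IP, dst IP, src port, dst port, protocol
        f = flows.setdefault(key, {"allowed": None, "first_drop": None, "drops": 0})
        if m.group(2) == "Firewall Rule" and m.group(3) == "Allowed":
            f["allowed"] = ts if f["allowed"] is None else min(f["allowed"], ts)
        elif m.group(2) == "Invalid Traffic":
            f["drops"] += 1
            f["first_drop"] = ts if f["first_drop"] is None else min(f["first_drop"], ts)
    return flows

def report(flows):
    """(src port, minutes from allow to first drop or None, drop rows) per dropped flow."""
    out = []
    for (src, dst, sport, dport, proto), f in sorted(flows.items()):
        if not f["drops"]:
            continue  # flow was allowed and never logged as invalid
        gap = None  # stays None when the export holds no earlier allow row
        if f["allowed"] and f["allowed"] <= f["first_drop"]:
            gap = int((f["first_drop"] - f["allowed"]).total_seconds() // 60)
        out.append((int(sport), gap, f["drops"]))
    return out

if __name__ == "__main__":
    for sport, gap, drops in report(correlate(SAMPLE)):
        state = f"allowed {gap} min before first drop" if gap is not None else "no allow row in export"
        print(f"sport {sport}: {drops} drop rows, {state}")
```

Timestamps in the export have minute resolution, so the gaps are approximate; a flow reported without an allow row was opened before the exported window starts.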