
iDevices Switch (smart home device) being classified as Torrent Clients P2P by Application Filter

I have a couple iDevice Switches in my home that are utilizing a firewall rule I created for my IOT devices that has a customized Application Filter. One thing I noticed is the iDevice Switches are causing the Sophos XG Application Filter to block an application classified as 'Torrent Clients P2P'. Here is the firewall log:

2018-05-30 03:06:20 Application Filter messageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="7" user="" user_group="" appfilter_policy_id="9" category="P2P" app_name="Torrent Clients P2P" app_risk="5" app_technology="P2P" app_category="P2P" src_ip="165.254.21.196" src_country="USA" dst_ip="[iDevice Switch]" dst_country="R1" protocol="UDP" src_port="30041" dst_port="60752" bytes_sent="0" bytes_received="0" status="Deny" message="" appresolvedby="Signature"

I contacted the iDevice company and they confirmed the source IP address is legitimate and coming from their servers. Apparently what's causing this is the 'iDevices Remote Access' feature, which allows you to access your iDevice devices from the iDevice app outside of your local home network. I'm posting this data here in case anyone else runs into the same issue in the future, and hoping the Sophos team can use this data to update their application signature database. If there's any other data you need, please let me know!

Additionally, this is not published anywhere but the iDevice networking team provided me with the ports their devices utilize which is UDP 29979:30170.



  • Noticed another block of 'Torrent Clients P2P' in my logs but this time it was from my Ring Pro Doorbell. Here is the firewall log:

    2018-08-22 14:10:51 Application Filter messageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="2" user="" user_group="" appfilter_policy_id="9" category="P2P" app_name="Torrent Clients P2P" app_risk="5" app_technology="P2P" app_category="P2P" src_ip="172.16.16.17" src_country="R1" dst_ip="13.52.2.194" dst_country="USA" protocol="UDP" src_port="15063" dst_port="15063" bytes_sent="0" bytes_received="0" status="Deny" message="" appresolvedby="Signature"

    The UDP protocol and port 15063 are used by Ring to communicate with their servers and the destination IP is going to Ring's servers, so this is legitimate traffic.

     

    Here's another one as well coming from an iPhone but I'm not sure what app is causing it:

    2018-08-11 22:00:04 Application Filter messageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="5" user="" user_group="" appfilter_policy_id="10" category="P2P" app_name="Torrent Clients P2P" app_risk="5" app_technology="P2P" app_category="P2P" src_ip="172.16.16.24" src_country="R1" dst_ip="17.249.41.247" dst_country="USA" protocol="TCP" src_port="50146" dst_port="5228" bytes_sent="0" bytes_received="0" status="Deny" message="" appresolvedby="Signature"
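
A small triage script for the log entries posted in this thread, as an added example that is not part of the original posts: it parses the key="value" fields and labels each 'Torrent Clients P2P' denial with a service whose ports were reported above, or as unexplained. The `KNOWN_SERVICES` table, the function names and the abridged sample lines are assumptions of this example.

```python
import re

# Ports as reported by the poster in this thread (not vendor-published).
KNOWN_SERVICES = [
    ("iDevices Remote Access", "UDP", range(29979, 30171)),  # UDP 29979:30170
    ("Ring", "UDP", range(15063, 15064)),                    # UDP 15063
]
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Abridged copies of the three log entries in this thread (fields trimmed).
SAMPLE_LOG = [
    '2018-05-30 03:06:20 Application Filter messageid="17051" '
    'app_name="Torrent Clients P2P" src_ip="165.254.21.196" '
    'dst_ip="[iDevice Switch]" protocol="UDP" src_port="30041" '
    'dst_port="60752" status="Deny"',
    '2018-08-22 14:10:51 Application Filter messageid="17051" '
    'app_name="Torrent Clients P2P" src_ip="172.16.16.17" '
    'dst_ip="13.52.2.194" protocol="UDP" src_port="15063" '
    'dst_port="15063" status="Deny"',
    '2018-08-11 22:00:04 Application Filter messageid="17051" '
    'app_name="Torrent Clients P2P" src_ip="172.16.16.24" '
    'dst_ip="17.249.41.247" protocol="TCP" src_port="50146" '
    'dst_port="5228" status="Deny"',
]

def parse_line(line):
    """Return the key="value" pairs of one Application Filter log line."""
    return dict(FIELD_RE.findall(line))

def classify(line):
    """Label a line: a known service name, 'unexplained' or 'not-p2p-deny'."""
    f = parse_line(line)
    if f.get("app_name") != "Torrent Clients P2P" or f.get("status") != "Deny":
        return "not-p2p-deny"
    # The vendor port can sit on either side: the iDevices entry is inbound
    # (server source port), the Ring entry is outbound.
    ports = {int(f[k]) for k in ("src_port", "dst_port")
             if f.get(k, "").isdigit()}
    for name, proto, port_range in KNOWN_SERVICES:
        if f.get("protocol") == proto and any(p in port_range for p in ports):
            return name
    return "unexplained"

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        f = parse_line(line)
        print(classify(line), f["src_ip"], "->", f["dst_ip"], f["protocol"])
```

A port match only narrows the candidates; confirm the remote address with the vendor, as the original poster did, before writing an exception for it.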