
RED15 in Standard/Unified Mode FW issues

Hello again Community,

I have a strange behavior on my XG310, which is blocking traffic coming from the RED device at a branch office.

I have set up a Windows Terminal Server which is accessed by remote users from the branch office behind the RED device. The colleagues over there use an application which accesses network printers (EPSON TM-T88) in the remote location via TCP port 9100.

I can see this traffic being blocked in the FW (stated as Invalid Traffic in the logs). I also see traffic being blocked where the source and destination are the subnet of the branch office itself. All of the traffic being blocked has the ID "0", which means there is no fw-rule to apply, from what I've learned.

Where to start in my fw-rules?

Thanks for replies.

Simon-T.



  • In addition to my post, here are some screenshots that (hopefully) explain further:

    The IP:192.168.20.107 is a network printer connected at the branch subnet.

    The IP:192.168.20.254 is the gateway IP of the RED15 device. What does the column Log Comp "Appliance Access" mean?

    The funny thing is, ICMP replies reach my main site, the corresponding rule (4) is my LAN-->LAN fw-policy:

    Now I found out from the colleagues:

    1 printer is functioning perfectly while two others in the same subnet are not functioning at all. How do I debug this behavior?

    Thanks again.

  • Hi Simon,

    Welcome to Sophos Community.

    The first thing that could help is a simple network diagram. PM me one to understand the setup before we can suggest something to you. You can also analyze the drops from drop-packet-capture and send it to me for further analysis.

    Thanks,