Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 8 replies
  • Answers 1 answer
  • Subscribers 30 subscribers
  • Views 6283 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AT&T Wifi calling being classified as Tiger VPN

shred

Noticed my Application Policy is blocking something being classified as "Tiger VPN", which I don't have. Looking up the IP address, it appears to be related to AT&T Wifi calling. Here is the firewall log:

2018-07-17 09:56:36Application Filtermessageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="9" user="" user_group="" appfilter_policy_id="10" category="Proxy and Tunnel" app_name="Tiger VPN" app_risk="5" app_technology="Client Server" app_category="Proxy and Tunnel" src_ip="129.192.164.10" src_country="USA" dst_ip="172.16.16.31" dst_country="R1" protocol="UDP" src_port="4500" dst_port="4500" bytes_sent="0" bytes_received="0" status="Deny" message="" appresolvedby="Signature"

Posting this for anyone else that might run into this issue. Hopefully Sophos can use this information to update how wifi calling is being classified.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Shred,

    I will require a Packet Capture file for investigation. Could you please configure a plain firewall rule with all the filtering modules set to NONE for a particular source IP address; take 129.192.164.10 as in the logs? Then initiate a packet capture, while using the AT&T calling feature.  PM me this pcap file, it will help us investigate the packet flow and provide you an update about the classification. 

    Thanks,

  • 0 in reply to sachingurung

    I'm not sure how to export a pcap file. I've configured the firewall rule and I enabled Packet Capturing for the specified source address, which appears to be logging the traffic but there's no option to export the data from the web GUI.

Reply Children
No Data