
Sophos XG Wake On LAN

Hi all,

We are trying to get Wake On LAN working, but magic packets seem to be blocked:

2018-11-27 10:42:57 0103021 IP 192.168.31.51.52541 > 192.168.30.191.7777 : proto UDP: packet len: 110 checksum : 46636

0x0000:  4500 0082 2384 0000 8011 57a4 c0a8 1f33  E...#.....W....3
0x0010:  c0a8 1ebf cd3d 1e61 006e b62c ffff ffff  .....=.a.n.,....
0x0020:  ffff bcee 7b22 01cf bcee 7b22 01cf bcee  ....{"....{"....
0x0030:  7b22 01cf bcee 7b22 01cf bcee 7b22 01cf  {"....{"....{"..
0x0040:  bcee 7b22 01cf bcee 7b22 01cf bcee 7b22  ..{"....{"....{"
0x0050:  01cf bcee 7b22 01cf bcee 7b22 01cf bcee  ....{"....{"....
0x0060:  7b22 01cf bcee 7b22 01cf bcee 7b22 01cf  {"....{"....{"..
0x0070:  bcee 7b22 01cf bcee 7b22 01cf bcee 7b22  ..{"....{"....{"
0x0080:  01cf                                     ..

Date=2018-11-27 Time=10:42:57 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=CLIENTS out_dev= inzone_id=10 outzone_id=4 source_mac=00:23:5e:e5:ce:c2 dest_mac=7c:5a:1c:4c:a7:c8 l3_protocol=IP source_ip=192.168.31.51 dest_ip=192.168.30.191 l4_protocol=UDP source_port=52541 dest_port=7777 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=134096096 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A



  • Thank you for your answer!

    31.51 (/24) is a deployment server, 30.191 (/26) is the address of the target network (=broadcast address).

    Both subnets are connected via one interface and are in the same zone 'CLIENTS'.

    There is a rule that allows all traffic on all networks from zone 'CLIENTS' to zone 'CLIENTS'.

    Nothing else is activated (no ips, traffic shaping, web policy, etc.).

  • Basically, we cannot forward broadcast packets. It is a basic network feature to protect against broadcast floods.

    https://networkengineering.stackexchange.com/questions/5521/how-can-routers-forward-broadcast-traffic

    Most of the time, vendors build some kind of workaround to perform this, because some vendors for WoL or DHCP etc. use this technique. But we did not build anything to forward this.

    There are a couple of feature requests: https://ideas.sophos.com/forums/330219-xg-firewall?query=wake%20up%20on%20lan


    I worked with WoL vendors who can use both: simple broadcast, which only works in the same subnet, or "specific" hosts. So they basically build a mechanism to send a single packet to each host instead of one to the broadcast address, just to prevent this. Feel free to ask your WoL vendor. They should face such issues "all the time" with firewalls.

  • Ok, in consideration of network protection I can understand that it's not supported.

    Nevertheless, we ran Cisco firewalls and didn't expect other vendors not to have implemented that feature.

    After some searching I found some articles about "IP directed broadcasts" or "subnet directed broadcasts". That would be the feature needed here and I will request it at Sophos Ideas.

    In the meantime we will have a look at unicast WoL and consider building a WoL relay infrastructure...

    Thanks for your help!
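As an added example (not code from Sophos or from anyone in this thread), the script below decodes the hex dump from the first post, confirms it is a standard WoL magic packet (6 x 0xFF followed by the target MAC sixteen times), shows why the destination 192.168.30.191 is a subnet-directed broadcast that a router drops by default, and then builds the per-host unicast packets the Sophos answer describes. The network prefix 192.168.30.128/26 and the UDP port 9 used for unicast are assumptions; the thread only says 30.191 is the /26 broadcast address and that the deployment server sent to port 7777.

```python
"""Decode the denied WoL packet and build unicast replacements.

Added example; not code from Sophos or the thread participants.
"""
import ipaddress
import re
import socket
import struct

# Hex dump of the denied packet, copied verbatim from the first post.
CAPTURED_HEXDUMP = """\
0x0000:  4500 0082 2384 0000 8011 57a4 c0a8 1f33  E...#.....W....3
0x0010:  c0a8 1ebf cd3d 1e61 006e b62c ffff ffff  .....=.a.n.,....
0x0020:  ffff bcee 7b22 01cf bcee 7b22 01cf bcee  ....{"....{"....
0x0030:  7b22 01cf bcee 7b22 01cf bcee 7b22 01cf  {"....{"....{"..
0x0040:  bcee 7b22 01cf bcee 7b22 01cf bcee 7b22  ..{"....{"....{"
0x0050:  01cf bcee 7b22 01cf bcee 7b22 01cf bcee  ....{"....{"....
0x0060:  7b22 01cf bcee 7b22 01cf bcee 7b22 01cf  {"....{"....{"..
0x0070:  bcee 7b22 01cf bcee 7b22 01cf bcee 7b22  ..{"....{"....{"
0x0080:  01cf                                     ..
"""

# Assumed prefixes: the thread says 31.51 sits in a /24 and 30.191 is the
# broadcast address of a /26; 192.168.30.128/26 is the /26 with that broadcast.
CLIENT_NETWORKS = ["192.168.31.0/24", "192.168.30.128/26"]

# offset, then up to eight 4-hex-digit groups, then the ASCII column
_HEX_LINE = re.compile(r"\s*0x[0-9a-f]+:\s+((?:[0-9a-f]{4} ){0,7}[0-9a-f]{2,4})", re.I)


def hexdump_to_bytes(dump: str) -> bytes:
    """Rebuild the raw IP packet from a tcpdump-style hex dump."""
    raw = bytearray()
    for line in dump.splitlines():
        m = _HEX_LINE.match(line)
        if m:
            raw += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(raw)


def parse_ipv4_udp(frame: bytes) -> dict:
    """Extract addresses, ports and UDP payload from a raw IPv4/UDP packet."""
    version_ihl, _tos, total_len = struct.unpack("!BBH", frame[:4])
    if version_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (version_ihl & 0x0F) * 4
    if frame[9] != 17:
        raise ValueError("not UDP")
    src = str(ipaddress.IPv4Address(frame[12:16]))
    dst = str(ipaddress.IPv4Address(frame[16:20]))
    sport, dport, ulen, _csum = struct.unpack("!HHHH", frame[ihl:ihl + 8])
    payload = frame[ihl + 8:ihl + ulen]
    return {"src": src, "dst": dst, "sport": sport, "dport": dport,
            "total_len": total_len, "payload": payload}


def magic_packet_mac(payload: bytes):
    """Return the target MAC if payload is a WoL magic packet, else None.

    Format: 6 bytes of 0xFF, then the MAC repeated 16 times (102 bytes);
    an optional 4- or 6-byte SecureOn password may follow.
    """
    if len(payload) < 102 or payload[:6] != b"\xff" * 6:
        return None
    mac = payload[6:12]
    if payload[6:102] != mac * 16:
        return None
    return mac.hex(":")


def is_directed_broadcast(dst: str, networks) -> bool:
    """True if dst is the subnet broadcast of one of the networks: the kind of
    destination routers refuse to forward by default (RFC 2644)."""
    addr = ipaddress.ip_address(dst)
    return any(addr == ipaddress.ip_network(n).broadcast_address for n in networks)


def build_magic_packet(mac: str, password: bytes = b"") -> bytes:
    """Build a standard magic packet for a colon- or dash-separated MAC."""
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC must be 6 bytes")
    if password and len(password) not in (4, 6):
        raise ValueError("SecureOn password must be 4 or 6 bytes")
    return b"\xff" * 6 + mac_bytes * 16 + password


def unicast_plan(targets: dict, port: int = 9):
    """One (dst_ip, port, packet) per host instead of one broadcast.

    The sleeping NIC matches on the magic pattern in the payload, not on the
    IP/UDP headers, so a unicast datagram to the host's last IP wakes it as
    long as the last-hop router can still resolve that IP to the MAC (a
    sleeping host does not answer ARP; a static ARP entry is the usual fix).
    'targets' maps host IP -> MAC. Port 9 is an assumption.
    """
    return [(ip, port, build_magic_packet(mac)) for ip, mac in targets.items()]


def send_plan(plan):
    """Send the unicast packets (network side effect; not run by the test)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        for ip, port, packet in plan:
            s.sendto(packet, (ip, port))


def analyse_captured(dump: str = CAPTURED_HEXDUMP) -> dict:
    """Decode the posted packet and explain why the firewall dropped it."""
    info = parse_ipv4_udp(hexdump_to_bytes(dump))
    info["mac"] = magic_packet_mac(info["payload"])
    info["directed_broadcast"] = is_directed_broadcast(info["dst"], CLIENT_NETWORKS)
    return info
```

Running `analyse_captured()` shows the dropped datagram is a well-formed magic packet for bc:ee:7b:22:01:cf addressed to the /26 broadcast, which matches the Local_ACLs denial in the log: the firewall sees a subnet-directed broadcast, not a rule problem. `unicast_plan()` with a host-to-MAC inventory produces the per-host packets a relay would send instead.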