This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why won't Sophos do what it's told?

The overriding issue is that a Sophos XG (17.5) drops VOIP traffic over a VPN. After just over 30 seconds the call drops.

This was initially fixed by using 'advanced firewall bypass blah blah' (it is NOT asymmetric, Sophos just drops packets because it feels like it), but in true Sophos fashion, one day it just decided to stop routing all together. Now with bypass stateful packet inspection turned on, the Sophos won't route traffic for the VOIP subnet. After removing the bypass, it will route, but drops calls after 30 seconds.

The firewall logs show 'Could not associate packet to any connection', but presumably that's because it has a routing table that it's just ignoring? Who knows. The traffic can get to the phone, but at some point the Sophos just changes it's mind.

I'm not even 100% sure why I'm posting this. Maybe on the off chance someone can make a good suggestion. I expect a slew of Sophos defense, but the bottom line is these devices are permanently buggy, and Sophos support is non-existent.

This thread was automatically locked due to age.

Parents

0 rogermwl over 6 years ago

I've no idea if it's related, but a good example is

Signatures
Drop
192.168.2.6
192.168.4.50
14
TCP Timestamp is missing

in IPS logs. IPS is set to None. What part of None does Sophos not understand?
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 6 years ago in reply to rogermwl

You should take a deeper look into your console commands.

Which UDP Timeout Stream did you chose?

https://community.sophos.com/kb/en-us/127785

Another point is, there are certain IPS configs, which are globally enabled.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LuCar Toni over 6 years ago in reply to rogermwl

You should take a deeper look into your console commands.

Which UDP Timeout Stream did you chose?

https://community.sophos.com/kb/en-us/127785

Another point is, there are certain IPS configs, which are globally enabled.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rogermwl over 6 years ago in reply to LuCar Toni

Sophos should make it that when I select ANY ANY NONE, it actually does ANY ANY NONE

I chose 60. I chose 180. I chose 3600. I didn't come here first. I'm trying to fix a problem for a customer.

There's hundreds of CLI level commands. Delving into all of them shouldn't be required for the most basic of firewall rules.

It turns out https://community.sophos.com/kb/en-us/133096 may have fixed it.

Applies to the following Sophos product(s) and version(s)
Sophos Firewall XG Software v17.1.3 MR3

That is completely and utterly wrong. That this was enabled, and then is now being disabled as standard proves my point that the products are inherently buggy.
Cancel
Vote Up 0 Vote Down

Cancel