Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 12 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 6888 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Dropbox is being blocked

Daniel Bingham

Hi, I am running Dropbox on my machines, and as of today, I get an unable to connect message. In the past, this has worked with no problems. I can see that I have received pattern updates etc. but that is it.

Verison SFOS 17.5.5 MR-5

=======================================

Drop-packet-capture:

 drop-packet-capture 'host 192.168.1.212'

2019-06-23 19:55:14 010202124 IP 192.168.1.212.54491 > 162.125.83.7.443 : proto TCP: R 2647634639:2647634639(0) checksum : 53417

0x0000:  4500 0028 0000 4000 4006 82cf c0a8 01d4  E..(..@.@.......

0x0010:  a27d 5307 d4db 01bb 9dcf b2cf 0000 0000  .}S.............

0x0020:  5004 0000 d0a9 0000                      P.......

Date=2019-06-23 Time=19:55:14 log_id=010202124 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.1.212 dest_ip=162.125.83.7 l4_protocol=TCP source_port=54491 dest_port=443 fw_rule_id=7 policytype=2 live_userid=1 userid=15 user_gp=2 ips_id=12 sslvpn_id=0 web_filter_id=1 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=1 app_category_id=5 app_id=100 category_id=49 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=88 gateway_offset=0 max_session_bytes=1 drop_fix=0 ctflags=1241547786 connid=1514500400 masterid=0 status=430 state=8 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

Date=2019-06-23 Time=19:55:19 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=1 outzone_id=4 source_mac=f0:18:98:84:d4:73 dest_mac=ff:ff:ff:ff:ff:ff l3_protocol=IP source_ip=192.168.1.212 dest_ip=255.255.255.255 l4_protocol=UDP source_port=17500 dest_port=17500 fw_rule_id=0 policytype=0 live_userid=1 userid=15 user_gp=2 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=1076147360 masterid=0 status=256 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

 

2019-06-23 19:55:19 010202130 IP 192.168.1.212.53961 > 162.125.83.3.443 : proto TCP: R 1545099583:1545099583(0) win 4095 checksum : 12093

0x0000:  4500 0028 0000 4000 4006 82d3 c0a8 01d4  E..(..@.@.......

0x0010:  a27d 5303 d2c9 01bb 5c18 593f 241c 0a9f  .}S.....\.Y?$...

0x0020:  5014 0fff 2f3d 0000                      P.../=..

Date=2019-06-23 Time=19:55:19 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=192.168.1.212 dest_ip=162.125.83.3 l4_protocol=TCP source_port=53961 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

=======================================

Under Protect - Web - Exceptions:

Matching URLs:
^([A-Za-z0-9.-]*\.)?dropbox\.com\.?/
HTTPS decryption
Malware and content scanning
Sandstorm
Policy checks

 

Legacy HTTPS Exceptions
URLs that were automatically skipped for HTTPS Decryption on earlier versions of XG Firewall.
Matching URLs:
alicebusiness.it
contacts.msn.com
deluxe.com
dropbox.com
federalreserve.org
iataindia.org
login.live.com
logmein.com
6 more ...
HTTPS decryption

Policy checks

Connection Test time 20:12:04 Sunday
Destination tcp://162.125.83.3:443
Destination IP 162.125.83.3, port 443, TCP
Source IP 192.168.1.212
Source zone Auto-detection
User dan mbp (Clientless user)
Result Allowed
Firewall rule Rach and Dan (ID: 7)
 
Allow All
 
 
Connection Test time 20:12:25 Sunday
Destination tcp://162.125.83.7:54491
Destination IP 162.125.83.7, port 54491, TCP
Source IP 192.168.1.212
Source zone Auto-detection
User dan mbp (Clientless user)
Result Accepted
Firewall rule Rach and Dan (ID: 7)
 
=======================================
Firewall Rule ID: 7 (Rach and Dan)

Summary

Rach and Dan

Allow

Rule

Apply "Allow All" app filter, "Allow All" web filter, IPS, for "rach mbp " and " dan mbp" users, when in "LAN" zone, and coming from any network, decrypt and scan for malware

Source & schedule

 

LAN
Source networks and devices : Any
During scheduled time : All the time

 

Destination & services

 

WAN
Destination networks : Any
Services : Any

 

Identity

rach mbp,dan mbp

 


This thread was automatically locked due to age.