Problem with SOPHOS having issues with our LC messenger

Good day to all SOPHOS members,

 

I have an issue and I need your assistance. One of our client's messaging systems is having erratic connection issues. When I checked the firewall I found out from the logs that SOPHOS is blocking the traffic, marking it invalid. There were no alarms like internet disconnection from our SOPHOS Firewall. Can anyone give me any idea what is happening? From the logs the invalid traffic is placed under Firewall ID 0, which, based on my research, means SOPHOS cannot identify the said traffic. Please check below for some screenshots.

Here is our ISP; there are no alarms.

Here is our bandwidth monitor, no connection outage recorded.

 

But when I checked the logs there was traffic being blocked by the SOPHOS firewall.

Please take note I am using SOPHOS XG310. Firmware SFOS v17.5.0 GA.

 

Thanks

 

rodneyaltam

 



  • Hi Rodney,

    the rule 0 traffic can be ignored and disabled if you so desire. I suggest you upgrade to at least MR-3.

    Which rule is actually dropping the traffic, ignoring rule 0?

    You need to review the logviewer firewall, application and web tabs to get a good picture of activities and failure reasons. Is the messaging system using a business rule? Does it originate all connections?

    Ian

  • Most likely you can even disable this Invalid Traffic Rule.

    https://community.sophos.com/kb/en-us/131754

     

  • Hi rfcat_vk,

     

    The problem with this invalid rule is that it is disconnecting our messaging app. The destination IP is the address of the Livechat server which the messaging app is using to connect. Checking it further I found out that the incoming data stream is being blocked. How can I fix this, since it is affecting our operations? Please check the screenshot below for details.

    As you can see from the screenshot above, the error is "Could not associate packet to any connection".

    Here is the Live connection monitoring.

    Upon deeper inspection I found that the incoming stream is being tagged as invalid traffic.

    Using open cap, below are the details:

    Ethernet header
    Source MAC address:
    Destination MAC address:
    Ethernet type IPv4 (0x800)

    IPv4 Header
    Source IP address: 23.46.104.17
    Destination IP address: 120.72.22.75
    Protocol: TCP
    Header: 20 Bytes
    Type of service: 0
    Total length: 71 Bytes
    Identification: 56446
    Fragment offset: 16384
    Time to live: 52
    Checksum: 23648

    TCP Header:
    Source port: 443
    Destination port: 44652
    Flags: PSH
    Sequence number: 2574493645
    Acknowledgement number: 746674956
    Window: 542
    Checksum: 40525

    Do you have any idea how to resolve this?

     

    Thanks

     

    rodneyaltam
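
The IPv4 fields listed in the capture above can be checked offline. This added example (not part of the original post) rebuilds the 20-byte header from those values, verifies the header checksum, and decodes the "Fragment offset: 16384" value, which is the combined 16-bit flags/offset word. It assumes a header without options, as the listed 20-byte header length implies; the function names are illustrative.

```python
import socket
import struct

# Field values copied from the capture quoted in the post above.
CAPTURE = {
    "tos": 0, "total_length": 71, "identification": 56446,
    "flags_fragment": 16384, "ttl": 52, "protocol": 6, "checksum": 23648,
    "src": "23.46.104.17", "dst": "120.72.22.75",
}

def build_header(f, checksum=0):
    """Pack a 20-byte IPv4 header (version 4, IHL 5, no options)."""
    return struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | 5, f["tos"], f["total_length"], f["identification"],
        f["flags_fragment"], f["ttl"], f["protocol"], checksum,
        socket.inet_aton(f["src"]), socket.inet_aton(f["dst"]),
    )

def internet_checksum(data):
    """RFC 1071 one's-complement sum over big-endian 16-bit words."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_flags_fragment(value):
    """Split the 16-bit word into the DF and MF bits and the byte offset."""
    return {
        "dont_fragment": bool(value & 0x4000),
        "more_fragments": bool(value & 0x2000),
        "offset_bytes": (value & 0x1FFF) * 8,
    }

def analyse(f):
    """Report whether the header is intact and whether it is a fragment."""
    frag = decode_flags_fragment(f["flags_fragment"])
    return {
        "checksum_ok": internet_checksum(build_header(f)) == f["checksum"],
        "is_fragment": frag["more_fragments"] or frag["offset_bytes"] > 0,
        **frag,
    }

if __name__ == "__main__":
    for key, value in analyse(CAPTURE).items():
        print(f"{key}: {value}")
```

For the posted values the checksum verifies and the word decodes to DF set with offset 0, so the dropped packet is an intact, unfragmented segment rather than a corrupted or fragmented one.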

  • Hi LuCar Toni,

     

    Thanks for sharing this post. But my problem is not disabling this invalid traffic rule; my problem is how to allow the blocked packet, since our Livechat messaging system is sometimes working and sometimes not working. When a disconnection occurs I check and find that the packet was blocked by Sophos.

     

    Thanks

     

     

    rodneyaltam

  • Just wanted to give you a hint in the correct direction.

    Most likely the invalid traffic is not your issue and not even a symptom of your issue.

    You should dig into the logs if this issue occurs. Maybe you will see something in the drop packet capture log of the XG.

  • Hi LuCar Toni,

     

    This is noted. Thanks for the info. I'll try to dig deeper. I am just a little confused as to what is causing this disconnection.

     

    Cheers.

     

    rodneyaltam