This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNS traffic is getting blocked

In XG, I am using DNSoverSSL/TLS for clients. I have specifically ALLOWed port 853,53 and 443 from firewall rule.

Some traffic to port 853 are ALLOWED but most of them are DENIED. Here only OUT_INTERFACE=port4_ppp traffic is ALOWED. The traffic which does not have any OUT_INTERFACE is only getting blocked. Port4_ppp is WAN connection where modem is connected.

Because of this, I am not able to use internet on clients and being forced to use normal DNS over HTTP.

I have attached log screenshot as filtered with filter as out_port=853. Here, we can see some traffic is ALLOWED but most of them are DENIED

How to disable that firewall rule 0 for DNS traffic?

This thread was automatically locked due to age.

0 Jaydeep over 5 years ago

Hi WebShieldNerd

Please take SSH access of the Sophos XG device and follow this KBA Sophos XG Firewall: How to monitor dropped packets using CLI after that use the syntax:

drop-packet-capture 'src host 192.168.1.1 and dst host 1.0.0.1

OR

drop-packet-capture 'src host 192.168.1.1 and dst host 1.1.1.1

This will give you logs regarding why the traffic was blocked or dropped. Please post the result and we can identify more about the issue.
Cancel
Vote Up 0 Vote Down

Cancel
0 WebShieldNerd over 5 years ago in reply to Jaydeep

Here is output as asked.
Cancel
Vote Up 0 Vote Down

Cancel