This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Invalid Traffic

I create IPsec VPN and get ping between the two sites, however, I have an issue with one port 9000. Sophos block, as you see in pictures.

Already idle timeout is 21600 (set advanced-firewall tcp-est-idle-timeout 21600).

Thank you

Toby

This thread was automatically locked due to age.

Parents

0 Keyur over 5 years ago

Hi Toby al

Please make sure that the firewall rule for the VPN connection is allowing port 9000 and take tcpdump and drop packet capture on the port number of IP addresses. This specific traffic not able to find the firewall to move forward.

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 Toby al over 5 years ago in reply to Keyur

Hi Keyur,

First thank you, for your reply.

I try to add specific ports like port 9000, in-destination service, However still the same issue.

If you notice, there are two times port 9000 is allowed. when other times are denied.

Thank you

Toby
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Toby al over 5 years ago in reply to Keyur

Hi Keyur,

First thank you, for your reply.

I try to add specific ports like port 9000, in-destination service, However still the same issue.

If you notice, there are two times port 9000 is allowed. when other times are denied.

Thank you

Toby
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 lferrara over 5 years ago in reply to Toby al

Toby, check your DOS protection policy and see if there you get traffic blocked.
Cancel
Vote Up 0 Vote Down

Cancel
0 Toby al over 5 years ago in reply to lferrara

Hi

Thank you for advice.

I created a DOS bypass for a specific IP and all ports, however still the same issue.

Thank you

Toby
Cancel
Vote Up 0 Vote Down

Cancel
0 Keyur over 5 years ago in reply to Toby al

Hi Toby al

Could you please try to take tcpdump and drop packet capture?

https://community.sophos.com/kb/en-us/123567

https://community.sophos.com/kb/en-us/127111

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 Toby al over 5 years ago in reply to Keyur

Hi Keyur,

I hope you are doing well,

I did that, however, it's not useful as you see in the picture below.

The strange thing is it allows for 2 times and then denied.

Thank you

Toby
Cancel
Vote Up 0 Vote Down

Cancel
0 Keyur over 5 years ago in reply to Toby al

Hi Toby al

Did you add any static routes in the firewall for the remote network?

Is there any IP added in advanced bypass rule through CLI?

Is there any other DNAT configuration on the same WAN IP?

Could you please delete the same DNAT and try to configure it again and verify?

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link
Cancel
Vote Up 0 Vote Down

Cancel
0 Jaydeep over 5 years ago in reply to Toby al

Hi Toby al

In this drop packet capture, It shows like the TCP session is not known to XG. Would you please refer Sophos XG: CLI Troubleshooting Tools and read conntrack entries for the traffic?

Regards

Jaydeep
Cancel
Vote Up 0 Vote Down

Cancel