Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 26 subscribers
  • Views 1167 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Lightspeed Relay-Rocket

Casey Thompson

Has anyone had issues getting Lightspeed Relay-Rocket working with your Sophos XG firewall?  Rocket is for BYOD devices that don't have the Lightspeed Relay client installed onto them so that they still get filtered, basically DNS filtering.  Below are the open firewall ports that are needed for rocket to communicate.  I'm just not sure if I have my firewall rules set up incorrectly.  Currently I have: Source - Any Zone, Rocket : Destination - Any Zone, Any Host : What - Rocket Service Group (with ports listed below) 

 

Listening Ports

  • 22 – SSH
    53 – DNS
    80 – Access page
    1813 – RADIUS accounting
    8003 – Agent announce
    8443 – OAuth for Google and O365

 

Connection Ports

53 – Resolver queries
80 – System processes
123/udp – System time sync
389 – Directory access
443 – System processes/updates & OAuth



This thread was automatically locked due to age.
  • 0

    Hello Casey Thompson,

    Thank you for contacting the Sophos Community.

    Your Firewall rule for what you are describing seems to be correct. I am taking that you are not using Decrypt and scan or IPS or WebFilter in the Firewall rule.

    Does Relay Rocket need a DNAT rule? 

    Have you set the Firewall on TOP?

    What error are you getting from the Relay Rocket?

    Regards,

  • 0 in reply to emmosophos

    Relay Rocket does not need a DNAT rule as it is all internal.

    What do you mean by set the firewall on top?  Relay Rocket is a Linux VM.

    Relay Rocket is a dns based filtering for our BYOD devices who don't have the client installed.  It seems this is working, however, devices with the client are being double filtered.

  • 0 in reply to Casey Thompson

    Hello Casey,

    Sorry I meant to say to put the Firewall rule you created for Relay Rocket on top of the Firewall rule list. 

    For the users with the client installed, make sure the Firewall rule they are using doesn't have Web Filtering enabled. 

    Regards,