
Troubleshooting blocked connections

In my Home Lab I have migrated from UTM to XG and was extremely pleased with the speed increase I got on my connection; unfortunately, everything has not been peachy.

I am finding it much more difficult to troubleshoot connections that don't work. In my UTM days I could see it blocked either through the Firewall or the Web filter would have dropped packets, but in XG there is nothing.

An example today: my Daughter, through Facebook Messenger, sent my wife and me a Video Chat request. We could accept the chat, but then after a moment it would drop the connection. To get it to work I had to turn on my FW rule that allows everything out from the LAN to the WAN.

With this rule active I turned on Logging and found that it worked without issue. And now, researching for this post, I found that there are three (3) ports used that were NEVER blocked previously. I found with the logging on that Ports 3478, 5222 & 40002 were used with my Wife's phone and it worked, but there was no additional logging for my desktop and now it worked.

This is only one example of how confusing it is to troubleshoot connectivity issues.

Another "block": my Wireless Access Points are on a separate VLAN to the controller, and packets from the WAPs to the Controller are dropped even with a firewall rule, with this logged:

Invalid Traffic | Denied | N/A | 0 | 192.168.254.149 | 192.168.72.33 | 47278 | 8080 | TCP | 0 | 01001 | Could not associate packet to any connection.

I don't care that my firewall cannot associate the packet, I just want it to send it through, DON'T touch it.

Thus I have two issues: how do I find where the FW is blocking stuff, and how do I get my FW to just forward traffic without touching it?

Cheers

  • First of all, UTM does the same as XG, but simply has other default values.

    Invalid Traffic is not activated per default in UTM; it is in XG.

    Invalid Traffic Logging has a 3-hour IDLE Timeout in XG, 24 h in UTM, if activated to log.

    So if you would like to have the same principles as UTM, set it to 24 h and deactivate the logging.

    • From PC 192.168.254.xx to Camera 192.168.72.xx

    Is this not an access from one network to another? I mean, it seems to be?

  • LuCar Toni said:

    Is this not an access from one network to another? I mean, it seems to be?

    With this point you are right, that is access from one network to the other. The point I am trying to make is that there is nothing in the logs when the FW rule is turned off saying that it is blocked. Packets are just silently dropped.

    This is the issue I am trying to address.

    Thank you for the detailed explanation about the logging of my Invalid traffic, I found an article on how to fix it: https://community.sophos.com/kb/en-us/131754

    Cheers.