
XG 18 + outbound traffic only

Hi Everyone,

I have a strange problem with my Sophos XG. After some testing I lost Internet connection.

I disabled all firewall rules and added only one rule: Allow All from LAN to WAN for every computer and every service. A fully open rule.

And I have only some outbound traffic, nothing coming in?!

The Internet connection was good; I still manage the XG from Sophos Central.

I can ping some external IPs from the diagnostic page in the web interface.

I have no idea of what I can do.

Thanks for your help.

Fabrice



  • Edit:

    I did some more testing:

    Here is a drop-packet-capture on the WAN port.

    I don't see what is dropping that packet.

    What's Bridge name?

    If I understand that capture, my packet is not processed by any rule; how is that possible?

     

    Date=2020-12-11 Time=23:18:08 log_id=0103021 log_type=Firewall
    log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert
    duration=N/A in_dev=Port7 out_dev= inzone_id=2 outzone_id=4
    source_mac=48:d2:4f:a3:ac:1b dest_mac=7c:5a:1c:7c:c2:ba bridge_name=
    l3_protocol=IPv4 source_ip=45.129.33.124 dest_ip=192.168.1.28 l4_protocol=TCP
    source_port=56547 dest_port=60935 fw_rule_id=N/A policytype=0 live_userid=0
    userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0
    hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0
    app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0
    dn_classid=0 nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 gateway_offset=0
    connid=1110030912 masterid=0 status=256 state=1, flag0=549757911040
    flags1=17179869184 pbdid_dir0=0 pbrid_dir1=0

  • Hi,

    You will not see anything coming in; all connections are set up by the outgoing requests. You would see incoming traffic if you have a WAF rule or a WAN to LAN rule to provide access to an internal server.

    All is okay.

    Ian
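
Added example, not part of the thread: Python code that rejoins drop-packet-capture output in the key=value format shown above after the console has wrapped it at 80 columns, then counts denied packets that carry no firewall rule ID per source and destination port. The function names and the second sample record are constructed for this example.

```python
import re
from collections import Counter

# First fields of the record posted above, hard-wrapped at 80 columns as the
# console printed it; the second record is constructed for this example.
RAW = """\
Date=2020-12-11 Time=23:18:08 log_id=0103021 log_type=Firewall log_component=Loc
al_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev
=Port7 out_dev= inzone_id=2 outzone_id=4 source_mac=48:d2:4f:a3:ac:1b dest_mac=7
c:5a:1c:7c:c2:ba bridge_name= l3_protocol=IPv4 source_ip=45.129.33.124 dest_ip=1
92.168.1.28 l4_protocol=TCP source_port=56547 dest_port=60935 fw_rule_id=N/A pol
icytype=0 dnat_done=0 nat_id=0
Date=2020-12-11 Time=23:18:09 log_type=Firewall log_component=Local_ACLs log_subtype=Denied in_dev=Port7 out_dev= source_ip=203.0.113.7 dest_ip=192.168.1.28 l4_protocol=TCP source_port=40000 dest_port=23 fw_rule_id=N/A
"""

def unwrap(text):
    """Undo console wrapping: join all lines, then split where a new record starts."""
    joined = "".join(text.splitlines())
    parts = re.split(r"(?=Date=\d{4}-\d{2}-\d{2})", joined)
    return [p.strip() for p in parts if p.strip()]

def parse(record):
    """Turn 'key=value key= key=value' into a dict; empty values stay empty strings."""
    return {k: v.rstrip(",") for k, v in re.findall(r"(\w+)=(\S*)", record)}

def triage(fields):
    """Pull out the fields that say who dropped the packet and whether a rule was hit."""
    return {
        "flow": "{source_ip}:{source_port} -> {dest_ip}:{dest_port}".format(**fields),
        "component": fields.get("log_component"),
        "denied": fields.get("log_subtype") == "Denied",
        "rule_matched": fields.get("fw_rule_id", "N/A") != "N/A",
        "has_out_dev": bool(fields.get("out_dev")),
    }

def unmatched_drops(text):
    """Count denied packets without a firewall rule ID, per (source_ip, dest_port)."""
    hits = Counter()
    for rec in unwrap(text):
        f = parse(rec)
        t = triage(f)
        if t["denied"] and not t["rule_matched"]:
            hits[(f["source_ip"], f["dest_port"])] += 1
    return hits

if __name__ == "__main__":
    for rec in unwrap(RAW):
        print(triage(parse(rec)))
    print(unmatched_drops(RAW))
```
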