XG Blocking 255.255.255.255:6677

So I created another LAN interface for my IoT devices, and everything is working as long as I am allowing the LAN interface to access the WAN with an Any Any rule. I have decided to tighten up this rule and noticed that the firewall is blocking my LAN source host from communicating to the destination IoT interface of 255.255.255.255:6677

Does anyone have any idea why this is happening and why it is not allowing me to control certain IoT hosts?

I have also noticed, when looking at more packet capture logs, that the local ACL is causing violations.



  • It definitely has to do with services in the FW rule. When I switch to Any, the IoT hosts work fine. Once I apply the restrictive services

    UDP (1:65535) / (6667), TCP (1:65535) / (80), UDP (1:65535) / (123), UDP (1:65535) / (138), TCP (1:65535) / (443), UDP (1:65535) / (53), TCP (1:65535) / (6667)

    It fails

  • Hi,

    Very simple: your XG is blocking access to the firewall on an address 266.255.255.255, which is a non-routable address. Also, port 138 is a security risk and should only be used within your network.

    Port 80 = HTTP, port 53 = DNS, port 123 = NTP and port 443 = HTTPS, so you did not need to create those service types.

    Ian
