Sophos XG - HTTP connection reset from firewall?

Hello,

We have noticed an HTTP traffic issue on a Sophos XG 210 with release 18.0.4. We have defined a firewall rule which allows all services from LAN to the (RMX) server.

Port1 = LAN zone

Port3.3353 = RMX server zone

When we try to connect from a PC in the LAN zone using the "RMX Manager" application, the application sometimes connects to the RMX server and sometimes does not. We are not able to reproduce the issue because sometimes 2 out of 10 connections are OK, sometimes 4 out of 10 connections are OK. It looks like a "random" issue.

But when we move the same PC from the LAN zone directly to the RMX server zone (bypassing the FW), the connection to the server is stable. So it looks like the problem is on the firewall.

The log below shows an unsuccessful connection from LAN to the RMX server:

07:37:17.266471 Port1, IN: IP 192.168.10.115.63870 > 10.100.5.218.80: Flags [P.], seq 763:1196, ack 2589, win 1026, length 433: HTTP: POST http://rmxsrv:80 HTTP/1.1
07:37:17.266682 Port1, OUT: IP 10.100.5.218.80 > 192.168.10.115.63870: Flags [.], ack 1196, win 126, length 0
07:37:17.267150 Port1, IN: IP 192.168.10.115.63870 > 10.100.5.218.80: Flags [P.], seq 1196:2167, ack 2589, win 1026, length 971: HTTP: POST http://rmxsrv:80 HTTP/1.1
07:37:17.267643 Port3.3353, OUT: IP 192.168.10.115.63870 > 10.100.5.218.80: Flags [R.], seq 763, ack 2589, win 0, length 0
07:37:17.267655 Port1, OUT: IP 10.100.5.218.80 > 192.168.10.115.63870: Flags [R.], seq 2589, ack 2167, win 0, length 0

In the Sophos logs there are no "denied" or dropped packets or connections.

The most interesting part of the log is the line below. It looks like the client IP 192.168.10.115 is sending a TCP RESET, but the RESET is not sent from Port1 - LAN zone. The TCP RESET is sent by the Sophos XG firewall from the Port3.3353 interface to the RMX server.

Port3.3353, OUT: IP 192.168.10.115.63870 > 10.100.5.218.80: Flags [R.]

Thank you,

Pavol
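
Added example, not part of the original post and not Sophos code: a small Python check that automates the reading of the capture above by flagging any RST that leaves an interface without ever having arrived on one. The function names are hypothetical, and it assumes the capture covers every interface in the line format shown in the post.

```python
import re

# Sample input: the five capture lines quoted in the post.
CAPTURE = """\
07:37:17.266471 Port1, IN: IP 192.168.10.115.63870 > 10.100.5.218.80: Flags [P.], seq 763:1196, ack 2589, win 1026, length 433: HTTP: POST http://rmxsrv:80 HTTP/1.1
07:37:17.266682 Port1, OUT: IP 10.100.5.218.80 > 192.168.10.115.63870: Flags [.], ack 1196, win 126, length 0
07:37:17.267150 Port1, IN: IP 192.168.10.115.63870 > 10.100.5.218.80: Flags [P.], seq 1196:2167, ack 2589, win 1026, length 971: HTTP: POST http://rmxsrv:80 HTTP/1.1
07:37:17.267643 Port3.3353, OUT: IP 192.168.10.115.63870 > 10.100.5.218.80: Flags [R.], seq 763, ack 2589, win 0, length 0
07:37:17.267655 Port1, OUT: IP 10.100.5.218.80 > 192.168.10.115.63870: Flags [R.], seq 2589, ack 2167, win 0, length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>[^,\s]+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\S+) > (?P<dst>[^:\s]+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse(text):
    """Yield one dict per capture line that matches the format in the post."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def locally_generated_resets(text):
    """Return RSTs that go OUT on an interface although the same src > dst
    RST never came IN on any interface.

    Assumption: every interface is captured, so a forwarded packet is seen
    IN before it is seen OUT. An OUT-only RST was created by the capturing
    device itself, whatever source address it carries.
    """
    rst_seen_in = set()
    findings = []
    for pkt in parse(text):
        if "R" not in pkt["flags"]:
            continue
        flow = (pkt["src"], pkt["dst"])
        if pkt["dir"] == "IN":
            rst_seen_in.add(flow)
        elif flow not in rst_seen_in:
            findings.append((pkt["ts"], pkt["iface"], pkt["src"], pkt["dst"]))
    return findings

if __name__ == "__main__":
    for ts, iface, src, dst in locally_generated_resets(CAPTURE):
        print(f"{ts} {iface}: RST {src} > {dst} never seen inbound")
```

On the capture from the post it reports both resets, one towards the server on Port3.3353 and one towards the client on Port1, since neither has a matching IN line.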


