Tracing problems in XG

This is actually a very general question. I often spend hours tracing a problem within the Firewall Rules and Policies. If there is a blocking rule, then I am actually able to find it fast in the log viewer.

But if there is no rule, then I mostly go through endless trial-and-error sessions.

For example, I have a camera which was on port 86 with HTTP only. So I switched it for a new one which has HTTPS, so I changed the port from 443 to 440.

I opened the port in my DSL Router just as the other, so I am pretty sure it comes in. But changing it in the Firewall and NAT rules did not help.

So my question is how would I trace this problem?

  • Why are you opening a port on your router?
    Your change will not go out the firewall rule with https.

    ian

  • I want to see the camera from outside, so I opened port 440 on the DSL Router which goes to the DMZ where the cameras are in.

  • Please provide a simple network diagram, your setup seems strange.

  • FormerMember in reply to DAENG

    Hi,

    Thank you for reaching out to Sophos Community.

    Assuming you're able to access Camera internally on port 440 == https://<local_camera_IP>:440

    You can check the following things on XG to narrow down the reported issue.

    ==> Ensure that you've configured service with source port: 1:65535 and destination port:440

    ==> Login to SSH > 4. Device Console and run below command.

    console> tcpdump 'port 440'

    and then try to access camera on public IP == https://<public_IP>:440

    ==> You may check drops with below command.

    console> drop-packet-capture 'port 440'

    ==> If you're able to see un-replied packets on XG for destination port 440 then try to apply SNAT as 'MASQ' in the NAT rule.
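
One way to read the `tcpdump 'port 440'` output from the steps above, as an added example that is not part of the original thread: it pairs each SYN to port 440 with a SYN-ACK and flags connections that reached the camera without a reply, which is the case where the answer suggests SNAT as 'MASQ'. The addresses, the sample capture lines and the function name `classify_flows` are constructed assumptions, and the lines are assumed to be in standard tcpdump text format.

```python
import re

# Standard tcpdump text line; any interface or direction prefix before "IP" is ignored.
PKT = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[([^\]]*)\]"
)

def classify_flows(capture_text, camera_ip, port=440):
    """Map (client_ip, client_port) -> 'ok' | 'unreplied' | 'not_forwarded'."""
    flows = {}
    for line in capture_text.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if flags == "S" and dport == port:
            # SYN toward the service: note whether it was seen going to the camera itself.
            state = flows.setdefault((src, sport), {"forwarded": False, "replied": False})
            state["forwarded"] = state["forwarded"] or dst == camera_ip
        elif flags == "S." and sport == port and (dst, dport) in flows:
            # SYN-ACK coming back from the service port to a known client.
            flows[(dst, dport)]["replied"] = True
    verdicts = {}
    for key, state in flows.items():
        if state["replied"]:
            verdicts[key] = "ok"
        elif state["forwarded"]:
            verdicts[key] = "unreplied"      # reached the camera side, no answer came back
        else:
            verdicts[key] = "not_forwarded"  # arrived, but never left toward the camera
    return verdicts

# Constructed sample capture (documentation addresses, not taken from the thread).
SAMPLE = """\
10:00:01.000100 IP 198.51.100.7.50001 > 203.0.113.10.440: Flags [S], seq 1, win 64240, length 0
10:00:01.000200 IP 198.51.100.7.50001 > 192.168.50.20.440: Flags [S], seq 1, win 64240, length 0
10:00:02.000100 IP 198.51.100.7.50001 > 192.168.50.20.440: Flags [S], seq 1, win 64240, length 0
10:00:05.000100 IP 198.51.100.7.50002 > 203.0.113.10.440: Flags [S], seq 9, win 64240, length 0
10:00:09.000100 IP 198.51.100.7.50003 > 203.0.113.10.440: Flags [S], seq 5, win 64240, length 0
10:00:09.000200 IP 198.51.100.7.50003 > 192.168.50.20.440: Flags [S], seq 5, win 64240, length 0
10:00:09.000900 IP 192.168.50.20.440 > 198.51.100.7.50003: Flags [S.], seq 7, ack 6, win 65160, length 0
"""

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE, camera_ip="192.168.50.20").items():
        print(flow, verdict)
```

A `not_forwarded` verdict points back at the service definition and the firewall/NAT rule, where the `drop-packet-capture 'port 440'` check applies.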
