Digital Photo Frame Port 443

Hello All,

I recently received a digital photo frame as a gift and decided to put it online behind my Sophos firewall. I'm running Sophos at my house and so far everything is working with no issues. I'm running Sophos version SFVH (SFOS 18.0.5 MR-5-Build586).

The issue I am experiencing is that the digital frame is sending packets out but I see no return traffic in my packet captures. At first I was receiving the "could not associate packet to any connection" logs, which showed traffic being dropped via rule=0.

So I placed essentially an any/any rule for testing purposes. The error went away; however, I'm still only seeing outbound connections and no return traffic.

Before I put in the any/any rule I would see some RST packets, but I checked the logs for the web filter and application filter and nothing was found.

This appears to be an issue with my Sophos firewall. If I put the traffic behind my Palo Alto 220 I do not experience this issue. If I put it behind my CheckPoint, it works as it should. Of course, if I put it on a standard wireless connection not behind a firewall it works as well.

The weird thing is I have put this traffic in bypass mode and I'm still not able to get it working.

Bypass Stateful Firewall
------------------------
Source          Genmask          Destination     Genmask
172.24.50.75    255.255.255.255  0.0.0.0         0.0.0.0
0.0.0.0         0.0.0.0          172.24.50.75    255.255.255.255

This is not a huge issue as I have several workarounds, but the firewall engineer in me wants to figure this out.

Thanks for all responses.
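A small check for the symptom described above (packets leaving, nothing coming back), added here as an example and not part of the original post: it parses tcpdump-style text output and lists the TCP connections from the frame's address that never saw a reply, with the number of SYNs sent. The capture lines and the 203.0.113.x server addresses are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (not from the original post). The frame at
# 172.24.50.75 opens two HTTPS connections: the first server replies with a
# SYN-ACK, the second never answers, so the frame keeps retransmitting its SYN.
# The 203.0.113.x server addresses are documentation placeholders.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 172.24.50.75.50001 > 203.0.113.10.443: Flags [S], seq 1, length 0
12:00:01.020000 IP 203.0.113.10.443 > 172.24.50.75.50001: Flags [S.], seq 9, ack 2, length 0
12:00:01.021000 IP 172.24.50.75.50001 > 203.0.113.10.443: Flags [.], ack 10, length 0
12:00:02.000000 IP 172.24.50.75.50002 > 203.0.113.20.443: Flags [S], seq 1, length 0
12:00:03.000000 IP 172.24.50.75.50002 > 203.0.113.20.443: Flags [S], seq 1, length 0
12:00:05.000000 IP 172.24.50.75.50002 > 203.0.113.20.443: Flags [S], seq 1, length 0
"""

# Matches the "IP src.sport > dst.dport: Flags [..]" prefix of a tcpdump line.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\]"
)


def one_way_flows(capture_text, client_ip):
    """Return {(server_ip, server_port, client_port): syn_count} for every TCP
    connection the client initiated that never received a single packet back.
    A flow is keyed by the server socket and the client's ephemeral port."""
    syns_sent = defaultdict(int)
    answered = set()
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        f = m.groupdict()
        if f["src"] == client_ip and f["flags"] == "S":
            # Pure SYN leaving the client: a new attempt or a retransmission.
            syns_sent[(f["dst"], int(f["dport"]), int(f["sport"]))] += 1
        elif f["dst"] == client_ip:
            # Anything arriving at the client counts as a reply for that flow.
            answered.add((f["src"], int(f["sport"]), int(f["dport"])))
    return {flow: n for flow, n in syns_sent.items() if flow not in answered}


if __name__ == "__main__":
    for (server, port, cport), n in one_way_flows(SAMPLE_CAPTURE, "172.24.50.75").items():
        print(f"no reply from {server}:{port} (client port {cport}); {n} SYN(s) sent")
```

Feed it the text of `tcpdump -nn host <frame-ip>` from the firewall's LAN side and then from its WAN side; a flow that is one-way on the WAN side as well points at an upstream or peer problem, while a flow that only goes one-way on the LAN side was dropped on the box itself.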

  • Hi,

    You advised the frame has access when using other firewall products but not Sophos, so that would imply the frame is using some other protocol like UPnP to pass traffic, or maybe TLS 1.3 is fixed/not negotiable with the site.

    Ian 

  • I do not disagree with your assessment. However, I thought putting the IP in firewall bypass mode would basically allow everything for that IP.

    Also the logs aren't really showing me anything that would help me track down the issue. 

    Are there any additional CLI commands that may reveal what is happening here?

    Again, thanks for all responses. 

  • Hi,

    There is something wrong with a configuration somewhere. If you have source LAN, network your LAN network, destination WAN, network ANY, allow all services, then you should be seeing all traffic in the log viewer. Also I would suggest you use web allow all, enable use Proxy in lieu of DPI, and then in application allow all; that will assist with debugging your traffic.

    You will note I have advised to use your LAN network instead of your frame IP; this is because I have some devices that will work correctly when their IP address is used as a source network, so I create a clientless user and then allow the user.

    Ian