XG Iptables view current entries and can they survive a firmware update

We use the following commands on our site-to-site VPNs to change the MTU and prevent fragmentation.

----

iptables -t mangle -I POSTROUTING -s 192.168.3.0/24 -d 192.168.42.225/27 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300;

iptables -t mangle -I POSTROUTING -s 192.168.42.225/27 -d 192.168.3.0/24 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300;

----

However, when we do a firmware update, these changes appear to go away and we have to re-issue the commands.

Is there a way to show the table and these commands to confirm whether or not they survive the firmware update? Sophos Support says they will survive it, but in testing they do not.

We also have a console command to set an IPS exception:

----

set ips ac_atp exception fwrules "rule number"

----

I need to confirm that this also survives a firmware update, but I cannot find the exceptions.

Any help with a command to show these command lines would be greatly appreciated.

  • Hello Marcus,

    Thank you for contacting the Sophos Community.

    If you run the commands directly on the shell they won't survive a reboot. You can open a case with support so they can make the command reboot "resistant"; however, this won't survive a Firmware Upgrade.

    You can run the following command to show the Mangle Table and see whether the rule is applied on the system:

    # iptables -nvxL -t mangle | grep "192.168.3.0"

    Regards,

    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
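As an added check that is not part of the thread: a POSIX shell script that confirms both TCPMSS clamp rules from the question are present in a saved `iptables -nvxL -t mangle` listing, which is what you would run after an upgrade to settle the "do they survive" question. One caveat the answer's grep does not show: iptables lists the network address of a prefix, so `-d 192.168.42.225/27` appears as `192.168.42.224/27` and a grep on the typed address would miss it; the script normalises each prefix first. The sample listing is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): verify the TCPMSS clamp rules from the
# question against an `iptables -nvxL -t mangle` listing. iptables prints the
# network address of a CIDR (192.168.42.225/27 is listed as 192.168.42.224/27),
# so each expected prefix is normalised before matching instead of a raw grep.

# net_of 192.168.42.225/27 -> 192.168.42.224/27 (POSIX arithmetic only).
net_of() {
    nof_ip=${1%/*}; nof_len=${1#*/}
    if [ "$nof_len" = "$1" ]; then nof_len=32; fi      # bare host -> /32
    set -- $(echo "$nof_ip" | tr . ' ')
    nof_n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    nof_mask=$(( (4294967295 << (32 - nof_len)) & 4294967295 ))
    nof_n=$(( nof_n & nof_mask ))
    echo "$(( (nof_n >> 24) & 255 )).$(( (nof_n >> 16) & 255 )).$(( (nof_n >> 8) & 255 )).$(( nof_n & 255 ))/$nof_len"
}

# clamp_rule_in LISTING SRC DST MSS: 0 if a TCPMSS rule with those endpoints
# and MSS is in LISTING (-nvxL columns: pkts bytes target prot opt in out src dst ...).
clamp_rule_in() {
    cri_s=$(net_of "$2"); cri_d=$(net_of "$3")
    printf '%s\n' "$1" | awk -v s="$cri_s" -v d="$cri_d" -v m="$4" '
        $3 == "TCPMSS" && $8 == s && $9 == d && /TCPMSS set/ && $NF == m { found = 1 }
        END { exit !found }'
}

# check_clamps LISTING: report both directions from the question; 1 if any missing.
check_clamps() {
    cc_rc=0
    for pair in 192.168.3.0/24:192.168.42.225/27 192.168.42.225/27:192.168.3.0/24; do
        src=${pair%%:*}; dst=${pair##*:}
        if clamp_rule_in "$1" "$src" "$dst" 1300; then
            echo "present: $src -> $dst (mss 1300)"
        else
            echo "MISSING: $src -> $dst (mss 1300)"; cc_rc=1
        fi
    done
    return $cc_rc
}

# Constructed sample listing (not captured from a real XG): only the
# 192.168.3.0/24 -> 192.168.42.224/27 rule survived; the reverse one is gone.
SAMPLE='Chain POSTROUTING (policy ACCEPT 10 packets, 600 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      42     2520 TCPMSS     tcp  --  *      *       192.168.3.0/24       192.168.42.224/27    tcp flags:0x06/0x02 TCPMSS set 1300'

# On the firewall after an upgrade: check_clamps "$(iptables -nvxL -t mangle)"
if check_clamps "$SAMPLE"; then echo "all clamp rules present"; else echo "re-issue the missing rules"; fi
```

Run it as root on the XG shell with the live listing in place of `SAMPLE`; a non-zero exit means at least one clamp rule did not survive.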