Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 548 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG drops packets like Apple Push (TCP 5223) on Port2 (WAN) which is behind ISP Router

battl84

Hello Guys!

First of all: Thank you for your support and sorry for my bad English.

I just installed my new Sophos XG and replaced my old UTM. Now I faced a lot of problems during installation but I managed the most of them. But not all of them and the search engines doesn’t help me in that case. So here is my first post:

In the firewall protocol I can see a lot of "Invalid Traffic" messages and they all have the same structure

Source-IP (some public IP like 17.57.146.68) -> Destination-IP (WAN-IP of the XG 192.168.11.10) -> Source-Port: eg. 5223 -> Destination-Port: some high port -> message: Invalid packed

So it seems to be that in that example an incoming Apple push notification will not forwarded to the LAN zone.

My Setup is:

ISP-Router: WAN-Port (with dynamic public IPv4-address) / LAN Port: 192.168.11.1/24

Sophos-Firewall: WAN-Port: 192.168.11.10/24 / LAN-Port: 10.100.100.254/24

On the ISP-Router I configured the Sophos IP (192.168.11.10) as so called "exposed host" (forward all packets to that IP)

So I think the Sophos don't know what to do with the incoming packages at the WAN-Port.

Maybe the solution is pretty easy but I didn't get it.

Please apologize my maybe stupid question.

Best regards,

Sebastian



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    the incoming packets are errors, I see lots of therm, the devices on your LAN should be setting up the connection that allows the Apple servers to push notifications to them I there is no connection then the XG will drop the traffic. I see a lot of that type of traffic failures.

    Apple devices will fail to connect if there is any for of checking. My Apple rules are basically, Source LAN, Network with Apple device, Destination Apple (17.0.0.0/8), any service ) allow all web filter, I have application allow all and IPS WANtoLANgeneral. I have also setup web exception for tick all boxes for the Apple address range.

    You might find you need to put your ISP router into bridge mode to gert the best performance from XG.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    Hi,

    the incoming packets are errors, I see lots of therm, the devices on your LAN should be setting up the connection that allows the Apple servers to push notifications to them I there is no connection then the XG will drop the traffic. I see a lot of that type of traffic failures.

    Apple devices will fail to connect if there is any for of checking. My Apple rules are basically, Source LAN, Network with Apple device, Destination Apple (17.0.0.0/8), any service ) allow all web filter, I have application allow all and IPS WANtoLANgeneral. I have also setup web exception for tick all boxes for the Apple address range.

    You might find you need to put your ISP router into bridge mode to gert the best performance from XG.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?