XGS107w Firewalls blocking ESET Updates and LiveGrid

Hi,

We recently deployed a couple of XGS107w units (SFOS 19.0.0 GA-Build317) and have been unable thus far to configure them to allow client devices to connect to ESET servers for updates and LiveGrid.

The only filtering enabled on these routers is the default 'AV' and 'WEB' options. These are enabled in the Default Network Policy with the default web policy selected.

I have tried adding exception LAN to WAN rules with no filtering above the default rule with ESET server host names and IP addresses as destinations. These have linked NAT rules and I can see there is traffic using them, but the client machines are still failing to connect to the ESET Update and LiveGrid servers.

I have also tried adding a web exception for ^([A-Za-z0-9.-]*\.)?eset\.com/ but this hasn't helped either.

The only thing I can see in the logs are lots of 'Invalid Traffic' errors when clients are trying to connect to the ESET servers on port 80 and port 443. These are all for NAT rule zero, with the message 'Could not associate packet to any connection'.

Why could this be happening?



  • Hi,

    If you only have a single WAN interface you do not need to use linked NAT rules; they take precedence over other NAT rules regardless of order.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Oh ok, so do you mean that the default NAT rule will still get used if no linked rule is created for the policy? So the NAT will still work? I don't think this will actually be related to the problem though will it? We've noticed some websites are also not working even if we disable all filtering. Could we perhaps have an MTU issue? (We're using a single PPPoE connection to the ISP).

  • Hi,

    For debugging purposes only, create a firewall rule at the top of the list that allows all traffic out, with allow all in the web and application fields and lantowan in IPS, then review the log entries to identify which ports are used.

    Ian


  • Thanks. I should have started with that. It was an MTU problem. I changed the WAN MTU to 1460 and set MSS Clamping to 1400 and that resolved the problem. 
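
The MTU diagnosis in the last reply can be confirmed from a LAN client before touching the firewall. The following is an added example, not part of the original thread: it binary-searches the largest ICMP echo that crosses the path with Don't Fragment set and derives the matching TCP MSS ceiling. It assumes Linux iputils `ping`; the function names, the `probe` parameter and the `example.com` target are hypothetical.

```python
import subprocess
import sys

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header
IP_TCP_OVERHEAD = 40   # 20-byte IPv4 header + 20-byte TCP header, no options


def ping_df(host, payload):
    """Send one ICMP echo of `payload` bytes with DF set (iputils flags)."""
    cmd = ["ping", "-M", "do", "-c", "1", "-W", "1", "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def path_mtu(host, probe=ping_df, low=548, high=1472):
    """Return the path MTU in bytes, searching payloads for MTU 576..1500.

    Returns None when even the smallest probe gets no reply, which means
    the host is unreachable or ICMP echo is filtered, not that the MTU is
    small. A single lost reply can make the result lower than the real MTU.
    """
    if not probe(host, low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(host, mid):
            low = mid       # this size fits, try larger
        else:
            high = mid - 1  # dropped or "message too long", try smaller
    return low + IP_ICMP_OVERHEAD


def max_mss(mtu):
    """Largest TCP MSS that fits in `mtu` without fragmentation."""
    return mtu - IP_TCP_OVERHEAD


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder
    mtu = path_mtu(host)
    if mtu is None:
        print("no reply to the smallest probe; cannot measure")
    else:
        print(f"path MTU {mtu}, MSS clamp must be <= {max_mss(mtu)}")
```

A result below 1500 on a PPPoE link means full-size packets only get through if the WAN MTU and MSS clamp are lowered to match; any clamp at or below the reported ceiling is safe.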
