Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 2 answers
  • Subscribers 30 subscribers
  • Views 4048 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Could not associate packet to any connection.

Karim Toumi

I have the XGS136 firewall, SFOS 19.0.1 MR-1-Build365, I have a problem connecting the local network to the DMZ. Users get invalid traffic. and the server (Odoo) stops responding, and this issue happened more with users who have Laptop HP-15-DY2093DX. OS windows 10 Pro. Please find attached some capture.

Notice that Sophos endpoint Intercept X is intalled on their machine (not all of them but they have the same results connection lost between LAN user and DMZ server "odoo" ). 

Example: 

LAN  user source IP: 192.168.241.115

DMZ: destination IP: 10.0.0.20 port 8069 Odoo server 

LogsDMZ ruleDMZ rule



This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to Raphael Alganes

    Hi;

    Yes, the same thing for all users, they suffer from packet lost, and they traverse on the same FW rule.

    The problem is they connect to the server normally, and make a transaction, but suddenly the connection lost (loading in progress display odoo interface) and when I search for log viewer I found the user was blocked 'denied' like mentioned in the previous capture

Children
  • 0 in reply to Karim Toumi

    Hi,

    please post a copy of the network setup of your firewall rule. Invalid traffic is usually ignored by turning off the logging of invalid packets. The issue sounds more like a network configuration in the server rather than the firewall.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Right, Invalid traffic is, as I understand it, traffic that's sent from the far end after a connection is closed and thus it's invalid. So if the client is closing the connection on the server (could be endpoint, I guess) but the server is still sending packets, they would be invalid. And I guess if the server closed the connection but the clients were still sending packets, that would also be.

    From the screen capture if the clients are 192.168.X.X, it appears that it's the latter case: server has closed connection but clients still sending packets. But I am a little confused and it could be the other way around.

  • 0 in reply to rfcat_vk

    Hi,

    Please find attached a copy of the network setup of firewall rule. thanks again 

Unfiltered HTML