Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 339 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port translation / packet captures

Stuart James

Came across an issue yesterday with routing in Azure with Sophos and spent ages on it before realising that the license on the XG had expired which caused the issue. We have a NAT rule that translates port 3391 to port 3389 and when the license expired this translation stopped working. I should have picked that up earlier, but nevertheless there was nothing in the packet captures to tell me this was the issue so I spent hours looking at Azure and troubleshooting there and trying to locate the problem. IMO the packet capture shouldn't say "forwarded" because it wasn't. It should say "license expired" or something so that it's obvious that the translation isn't occurring.



This thread was automatically locked due to age.
  • 0

    Valid point but actually quite rarely the case.

    The Base license expiration causes this behavior to occur. Basically only two scenarios can cause this: You have a software deployment (because hardware has a Base License valid until 2999) and you are doing a trial of this license.

    Second case would be: The appliance could not reach the Licensing Server for 90 Days and deactivate the license. 

    Both cases are quite rare to be honest. 

    That is the reason, if somebody ask something like "The firewall does weird stuff" i always check the Licensing page first (it is a simply check on licensing).

    Due the fact, if you do not register the firewall, it could cause other stuff to occur (no certificates etc.). Therefore it is always a worth check. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Yes this was the case here. We spun up a new firewall in Azure before Christmas and then came back from holidays and trial had expired. We've had that extended and ordered a license, but it would be handy if the logs reflected what was actually happening to the traffic. It was saying forwarded when actually it wasn't. But yes, I should have checked the license first.

Unfiltered HTML