This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Logging not showing traffic for a certain rules or traffic type

We are having something happen on our Firewall which we are implementing and can't quite get our head around it.

We have traffic coming from some clients. HTTPS specifically. We have a rule which allows HTTPS traffic from the clients IP to the WAN with no scanning of any kind. We have added a SSL/TLS exemption which they are hitting. DNS and HTTPS traffic to normal websites such as Google is fine. However these clients are also handling credit card transactions which are transversing over the 443 HTTPS. The traffic is working for the credit card transaction perfectly correctly. However, none of this traffic appears in the logs yet going to google.com does...... Except for the increase in data quota on the firewall rule itself you wouldn't know this traffic was passing through the firewall!

We have completed a tcpdump and a PacketTrace. The traffic is appearing in them....

Any reasons ?

Rather annoying and yet another oddity in the SFW which makes me nervious.

This thread was automatically locked due to age.

Parents

0 Vivek Jagad over 2 years ago

Hello MakoRantz ,

Thank you for reaching out to the community, for the rule id 74 can you share the screenshot which includes the security features and other security features as illustrated in the screenshot below ?

the option Use web proxy instead of DPI engine is enable or disable ?
Here is the difference to consider:

And is Advanced protection enabled ? as it analyzes incoming and outgoing network traffic (for example DNS requests, HTTP requests, and IP packets) for threats.

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 MakoRantz over 2 years ago in reply to Vivek Jagad

Hi,

I can drop the screenshots but actually your screenshots above are exactly like the rule we have setup. Everything is unchecked or set to none! Hope that makes sense.

Thanks

Ed
Cancel
Vote Up 0 Vote Down

Cancel
0 Vivek Jagad over 2 years ago in reply to MakoRantz

I understand MakoRantz , then under the security features for web policy can you select "Allow All" and enable the tick on option "Use web proxy instead of DPI engine." and then check and revert us with the results !

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 MakoRantz over 2 years ago in reply to Vivek Jagad

Will do but this might have to be Tuesday now as it is Easter weekend and we won't want to disrupt the payments. Will update on Tuesday.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 MakoRantz over 2 years ago in reply to Vivek Jagad

Will do but this might have to be Tuesday now as it is Easter weekend and we won't want to disrupt the payments. Will update on Tuesday.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Vivek Jagad over 2 years ago in reply to MakoRantz

Sure take your time, Happy Easter MakoRantz

Thanks & Regards,
_______________________________________________________________

Vivek Jagad | Team Lead, Global Support & Services

Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel