Local ACL/Invalid Traffic

Hey all,

Has anyone discovered a way to determine what, specifically, the firewall is talking about when it denies traffic based on a "Local ACL" or "Invalid Traffic"?

I'm struggling to get a CIFS client to communicate (I get host down messages) when all other devices on the network are using this share just fine. (It worked before I switched to this firewall as well, so I know it's something in here.) I'm having trouble locating the reason why it'd be dropping this traffic.

Thanks for any assistance you can provide!

:)



  • Hello everybody,

    Just testing the change from UTM to the XG series. Now I have the same problem with ID 0.

    I'm in a Cisco layer 3 environment with different VLANs/subnets.

    As an example, the XG firewall/gateway is on IP 192.168.100.100 and the layer 3 switch on 192.168.100.254 in routing mode.

    3 different VLANs with IP ranges 192.168.200.x, 192.168.210.x and 192.168.220.x; the gateway is also 192.168.2x0.254, forwarding traffic to the Sophos XG.

    At the moment all 3 VLAN subnets can surf over Sophos without problems, using the local Windows server DNS server for name resolution etc.


    But now the main thing is I cannot ping or tracert my servers in the 192.168.100.0 subnet. I get no access to the Windows file shares on the NAS, Server 2012 R2 etc. If I add a rule allowing all from the subnets to the server net and back, name resolution/DHCP is working, ping not, CIFS not etc.

    With UTM9 all was fine, but with this new thing NO. Testing and trying it now for hours with different settings, but nothing worked for me.

    Hope someone can give me a hint or help me with that problem. I'm very frustrated with the XG firewall because UTM9 is working without problems.

    Thx a lot!


    log from firewall:


    2016-01-06 14:43:28 0102021 IP 192.168.100.10. > 192.168.200.1. :proto ICMP:
    0x0000: 4500 003c 7662 0000 8001 5302 c0a8 640a E..<vb....S...d.
    0x0010: c0a8 8c01 0000 4345 0001 1216 6162 6364 ......CE....abcd
    0x0020: 6566 6768 696a 6b6c 6d6e 6f70 7172 7374 efghijklmnopqrst
    0x0030: 7576 7761 6263 6465 6667 6869 uvwabcdefghi
    Date=2016-01-06 Time=14:43:28 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=00:15:5d:76:20:01 dest_mac=00:15:5d:76:20:0d l3_protocol=IP source_ip=192.168.100.10 dest_ip=192.168.200.1 l4_protocol=ICMP icmp_type=0 icmp_code=0 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=3762532325007556608 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
