Guest User!

You are not Sophos Staff.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Local ACL/Invalid Traffic

Hey all,

Has anyone discovered a way to determine what, specifically, the firewall is talking about when it denies traffic based on a "Local ACL" or "Invalid Traffic?"

I'm struggling getting a CIFS client to communicate (getting host down messages) when all other devices on the network are using this share just fine.  (It worked before I switched to this firewall as well, so I know it's something in here)  I'm having trouble locating the reason why it'd be dropping this traffic.

Thanks for any assistance you can provide!

:)



This thread was automatically locked due to age.
Parents
  • A tcpdump will do the trick. As someone suggested, it could be an asymmetric routing issue or XG is not seeing the traffic coming and returning to him, so because it is statefull, traffic is blocked. If it is the case, you should get a spoofing attack (if dos protection and spoofing is enabled).

    Only a tcpdump output can help you to see the connection state and where is the issue. Droppacket command in this case cannot give further information.

    Luk
Reply
  • A tcpdump will do the trick. As someone suggested, it could be an asymmetric routing issue or XG is not seeing the traffic coming and returning to him, so because it is statefull, traffic is blocked. If it is the case, you should get a spoofing attack (if dos protection and spoofing is enabled).

    Only a tcpdump output can help you to see the connection state and where is the issue. Droppacket command in this case cannot give further information.

    Luk
Children