Local ACL/Invalid Traffic

Hey all,

Has anyone discovered a way to determine what, specifically, the firewall is talking about when it denies traffic based on a "Local ACL" or "Invalid Traffic?"

I'm struggling to get a CIFS client to communicate (getting host down messages) when all other devices on the network are using this share just fine. (It worked before I switched to this firewall as well, so I know it's something in here.) I'm having trouble locating the reason why it'd be dropping this traffic.

Thanks for any assistance you can provide!

:)



  • A tcpdump will do the trick. As someone suggested, it could be an asymmetric routing issue, or XG is not seeing the traffic coming and returning to it, so because it is stateful, traffic is blocked. If that is the case, you should get a spoofing attack (if DoS protection and spoofing are enabled).

    Only a tcpdump output can help you to see the connection state and where the issue is. The Droppacket command in this case cannot give further information.

    Luk
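
One way to read a capture for the one-direction pattern described in the answer above, as an added example that is not part of the original thread. It assumes the text format printed by `tcpdump -n` for IPv4 TCP, CIFS/SMB on TCP port 445, and a constructed sample capture; `classify_flows` and its verdict labels are hypothetical names.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n` text output (not from the thread).
SAMPLE = """\
12:00:01.000100 IP 192.168.1.50.49152 > 192.168.1.10.445: Flags [S], seq 100, win 64240, length 0
12:00:01.000400 IP 192.168.1.10.445 > 192.168.1.50.49152: Flags [S.], seq 900, ack 101, win 65160, length 0
12:00:01.000700 IP 192.168.1.50.49152 > 192.168.1.10.445: Flags [.], ack 901, win 502, length 0
12:00:05.100000 IP 192.168.1.10.445 > 192.168.2.77.51000: Flags [S.], seq 500, ack 301, win 65160, length 0
12:00:06.100000 IP 192.168.1.10.445 > 192.168.2.77.51000: Flags [S.], seq 500, ack 301, win 65160, length 0
12:00:09.000000 IP 192.168.3.20.40000 > 192.168.1.10.445: Flags [S], seq 700, win 64240, length 0
"""

# Matches "IP src.sport > dst.dport: Flags [..]" in tcpdump's IPv4 TCP lines.
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([A-Z.]+)\]")

def classify_flows(text, server_port=445):
    """Map (client, client_port, server) to the handshake halves captured."""
    seen = defaultdict(set)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if dport == server_port:
            key = (src, sport, dst)
        elif sport == server_port:
            key = (dst, dport, src)
        else:
            continue
        seen[key]  # register the flow even if no handshake packet was captured
        if flags == "S":
            seen[key].add("request")
        elif flags == "S.":
            seen[key].add("reply")
    verdicts = {}
    for key, halves in seen.items():
        if halves == {"request", "reply"}:
            verdicts[key] = "symmetric"
        elif halves == {"reply"}:
            verdicts[key] = "reply-only"    # SYN bypassed this capture point
        elif halves == {"request"}:
            verdicts[key] = "request-only"  # SYN-ACK never returned this way
        else:
            verdicts[key] = "no-handshake-captured"
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_flows(SAMPLE).items():
        print(flow, verdict)
```

A "reply-only" or "request-only" flow in a capture taken on the firewall means it saw only one direction of that connection, which points at the routing path rather than at a firewall rule.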
  • I got "invalid traffic" on a rule that had masq, Web filter and Application control on, but only very specific connections were dropped that had no obvious reason for being dropped (train schedule app on mobile device). I made selective changes and found the Application control (block very high risk apps, level 5) to be the culprit. The app now works even though the firewall log still shows some invalid traffic from this source. How can I find out why that innocuous app landed on the list of very high risks, and can I modify that list easily?

    Thanks.
