Troubleshooting dropped traffic

XG210 - first experience with Sophos.

I can't find where dropped traffic is logged, like a Packet Filter Live Log or HTTP Live Log.

I'm troubleshooting Windows Updates being blocked.



  • FormerMember

    Were you able to figure out how to allow Windows Update traffic through? I have a rule configured to allow all LAN to WAN traffic through, tried it with "Allow All" and "None" policies, but Windows Update always reports an error. I'm sure the root cause is in the firewall, as Windows Update works just fine when I use an alternative network that's not routed through SFOS.

  • Yes I did, I thought it was a KB article but have been unable to find it for you.

    The guidance was to create a clientless user in System > Authentication > Clientless Users - this will be the WSUS server that's downloading updates.

    Create an Application Filter - Category= "Software Update" and Category = "Infrastructure"
    Then create a new policy that is user based,
    Identity is user created in clientless users - "Match rule based on user identity" is on.
    Source is Zone=LAN / Networks=Any / Service=HTTP(s)
    Destination is Zone=WAN / Networks=Any
    Action=Accept
    Select Application Filter from previous step.

    Hope that helps.

  • David,

    Using the command drop-packet from CLI and filtering for WSUS server, does it show something?

  • I agree on the fact that there is a missing "advanced troubleshooting function" with some history.

    I had the same issue with an application on an iPad. With the packet capture the problem was found fast, but to check it afterwards I was not able to find it. Only live.

    Therefore I also like to see what is happening in the network focused on blocks, optimise network and/or take action on it.

    The reporting on the XG is way better than I had in mind.

    The reason I post the message is to give the "advanced troubleshooting function" a little attention. I like also to have that onboard of the XG.

    Regards

    Jeroen

  • Hi, I have done this, and also tried to change source and destination to ANY for both and Any for services, but it is not working. Any suggestions?

  • Ismail,

    Can you share the command you are executing?

    Also share your Firewall rules.

    Thanks
