TMobile CellSpot

I have a T-Mobile CellSpot, an internal network-connected device that creates a picocell for service in my house, which then goes over the internet to TMO.

It has a static address, but I cannot get it to boot and connect to the internet behind the XG.

I tried to set up a rule to NOT filter and only port forward, but it still won't connect.

Behind my UTM 9.3 it works.

  • Hi Dave,

    Have you created a rule to allow the LAN zone and T-Mobile CellSpot out to the internet? That rule allows traffic in but not out, by the looks of things. The other thing you can try is to check the "Create Reflexive Rule" button, which essentially creates a reverse rule.

    Cheers,

    Ben

  • I had reflexive already checked. I added the following and it's still not working. These are ALL my rules.

  • Dave,

    What does a drop-packet-capture "host ip" produce? Otherwise use a tcpdump to see what is happening on the connection for that IP/port.


  • Date=2016-04-13 Time=23:15:53 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev=Port1 inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=208.54.90.1 dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=6 policytype=2 live_userid=4 userid=11 user_gp=2 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1 connid=134283520 masterid=442713312 status=0 state=410 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

  • fw_rule_id=6 and user_gp=2....


    The port seems correct. Can you disable the policy rule 6? Also can you share the rule where the port 4500 is allowed? I mean open the Policy rule and post the screenshot.

    Thanks.

  • OK, rule 6 disabled. Also, the picture above is ALL the rules I have now. Rule ID 2 is where I port forward the 4500.

    With rule 6 disabled I now get this:


    Date=2016-04-13 Time=23:31:14 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev=Port1 inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=208.54.75.197 dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=1 policytype=1 live_userid=4 userid=11 user_gp=2 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1 connid=65792 masterid=1399558624 status=0 state=410 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
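The two log lines posted above are the XG firewall's space-separated key=value format. As an added example (not code from the thread or from Sophos), here is a small parser that reads such lines and lists the Denied events for UDP 4500 (the IPsec NAT-Traversal port the CellSpot is using) aimed at the device's address, together with the fw_rule_id that produced each drop. The sample input is the two lines from the thread plus one constructed "Allowed" line; the field names are taken from the posted lines, and the numeric zone IDs are not interpreted because their mapping depends on the deployment.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# XG firewall log lines are space-separated key=value pairs; a value may be empty
# (e.g. "log_component="), so the value part is \S* rather than \S+.
KV_RE = re.compile(r"(\w+)=(\S*)")

# UDP 4500: IPsec NAT-Traversal, the port the CellSpot is trying to reach TMO on.
IPSEC_NAT_T_PORT = "4500"


def parse_xg_log(line: str) -> Dict[str, str]:
    """Parse one XG firewall log line into a field -> value dict (values stay strings)."""
    return {key: value for key, value in KV_RE.findall(line)}


@dataclass
class DropSummary:
    time: str
    source_ip: str
    dest_ip: str
    dest_port: str
    fw_rule_id: str
    policytype: str


def is_denied_nat_t(rec: Dict[str, str], host: str) -> bool:
    """True if the record is a firewall Denied event for UDP 4500 addressed to `host`."""
    return (
        rec.get("log_type") == "Firewall"
        and rec.get("log_subtype") == "Denied"
        and rec.get("l4_protocol") == "UDP"
        and rec.get("dest_port") == IPSEC_NAT_T_PORT
        and rec.get("dest_ip") == host
    )


def denied_nat_t_events(lines: List[str], host: str) -> List[DropSummary]:
    """Return one DropSummary per denied NAT-T packet destined for `host`."""
    events = []
    for line in lines:
        rec = parse_xg_log(line)
        if is_denied_nat_t(rec, host):
            events.append(DropSummary(
                time=rec.get("Time", ""),
                source_ip=rec.get("source_ip", ""),
                dest_ip=rec.get("dest_ip", ""),
                dest_port=rec.get("dest_port", ""),
                fw_rule_id=rec.get("fw_rule_id", ""),
                policytype=rec.get("policytype", ""),
            ))
    return events


def rules_blocking(events: List[DropSummary]) -> List[str]:
    """Distinct fw_rule_id values that produced drops, in the order first seen."""
    seen: List[str] = []
    for event in events:
        if event.fw_rule_id not in seen:
            seen.append(event.fw_rule_id)
    return seen


# Sample input: the two Denied lines posted in the thread, plus one constructed
# Allowed line (not from the thread) to show that non-denied traffic is skipped.
SAMPLE_LINES = [
    "Date=2016-04-13 Time=23:15:53 log_id=0139021 log_type=Firewall log_component= "
    "log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev=Port1 "
    "inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=208.54.90.1 "
    "dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=6 policytype=2 "
    "live_userid=4 userid=11 user_gp=2 tran_src_ip=N/A tran_dst_ip=N/A",
    "Date=2016-04-13 Time=23:31:14 log_id=0139021 log_type=Firewall log_component= "
    "log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev=Port1 "
    "inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=208.54.75.197 "
    "dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=1 policytype=1 "
    "live_userid=4 userid=11 user_gp=2 tran_src_ip=N/A tran_dst_ip=N/A",
    # constructed line: an allowed packet on the same port should not be reported
    "Date=2016-04-13 Time=23:40:00 log_id=0000000 log_type=Firewall log_component=Firewall_Rule "
    "log_subtype=Allowed l3_protocol=IP source_ip=208.54.75.197 dest_ip=10.1.1.23 "
    "l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=2 policytype=1",
]


if __name__ == "__main__":
    found = denied_nat_t_events(SAMPLE_LINES, "10.1.1.23")
    for e in found:
        print(f"{e.time} {e.source_ip} -> {e.dest_ip}:{e.dest_port} dropped by rule {e.fw_rule_id}")
    print("rules producing drops:", rules_blocking(found))
```

Feeding the thread's two lines through this gives rule 6 first and rule 1 after rule 6 was disabled, which is exactly the progression the replies below discuss: each time the inbound UDP 4500 packet falls through to a different rule and is still denied.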

  • Rule ID 1 is my allow-all-out, NO SCAN of any type.

    Hmmmm

  • Your previous rules are not caught.

    Check your config. How are you trying your WAN to LAN rule? Are you connected from another site?

  • Don't know if I understand you totally. I am inside on the LAN now with my CellSpot next to me.

    The only rules I have are in the picture above, with the exception that rule #6 is now disabled.

  • Create a Policy Rule WAN to LAN where the source zone is WAN, source IP is 208.54.75.197, dest. zone is LAN and dest IP is 10.1.1.23, where the protocol is UDP 4500, and see if it works.