TMobile CellSpot

I have a T-Mobile Cellspot that is an internal net connected device that creates a pico cell for service in my house which then goes over the internet to TMO.

It has a static address but I cannot get it to boot and connect to the internet behind the XG.

I tried to set up a rule to NOT filter and only port forward, but it still won't connect.

Behind my UTM9.3 it works.



This thread was automatically locked due to age.
  • I get this now


    Date=2016-04-14 Time=00:22:13 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev=Port1 inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=208.54.73.1 dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=2 policytype=3 live_userid=4 userid=11 user_gp=2 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1 connid=65800 masterid=1313074432 status=0 state=410 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

  • Hmmm, still not working. Any ideas?

  • Have you tried moving your allow all network rule from the bottom to the top?

  • I have not. I have always been in the mid set of top down: top being what I want to filter inbound and bottom letting everything else out :)

    I will try this and report back

  • Moved it to the TOP.

    Still getting the below drop...


    Date=2016-04-15 Time=10:58:07 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=1 outzone_id=2 source_mac=b4:ee:b4:d3:50:f1 dest_mac=00:01:2e:5a:96:03 l3_protocol=IP source_ip=10.1.1.23 dest_ip=208.54.73.1 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=1 policytype=1 live_userid=4 userid=11 user_gp=2 ips_id=5 sslvpn_id=0 web_filter_id=6 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=1 app_id=0 category_id=0 bandwidth_id=0 up_classid=7161395441051893760 dn_classid=0 source_nat_id=0 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=72 max_session_bytes=0 drop_fix=0 ctflags=1 connid=604045568 masterid=1974685344 status=0 state=414 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

  • Looks like an IPS thing. I can't stop this from triggering. I even created a blank IPS policy and it still triggers.

    2016-04-15 20:18:34 | Signatures | Drop | p0larlte | 208.54.75.197 :UDP (4500) | 10.1.1.23 :UDP (4500) | 445 | (snort_decoder) WARNING: MISC Large UDP Packet | Reconnaissance | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 1 | 07002

    2016-04-15 20:08:20 | Signatures | Drop | p0larlte | 208.54.73.1 :UDP (4500) | 10.1.1.23 :UDP (4500) | 445 | (snort_decoder) WARNING: MISC Large UDP Packet | Reconnaissance | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 1 | 07002

  • Also, RULE #1 is the default out everything rule. I have set it to NONE and LAN2WAN and my own blank Accept ALL policy... can't figure out how to add the LTE modem as an exception.

  • STOPPING the IPS service worked. It allowed the cellspot to boot even without specific rules. So it's the IPS service dropping it somewhere.

  • It's not uncommon for IPS to pick these things up. What do the IPS logs say?

    I've had to add an exception for my PS3 else everything I try and download triggers IPS and gets stuck in a download loop!

  • 2016-04-16 13:32:48 | Signatures | Drop | p0larlte | 208.54.75.197 :UDP (4500) | 10.1.1.23 :UDP (4500) | 445 | (snort_decoder) WARNING: MISC Large UDP Packet | Reconnaissance | BSD,Linux,Mac,Other,Solaris,Unix,Windows | Server | 1 | 07002

    This is what it says when the IPS service is started. How do you add an exclusion for 1 host? That would be great.
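
Added example, not part of the original thread: a small Python parser for the key=value firewall log lines quoted above, which pulls out each denied flow together with the matching firewall rule and the `ips_id` field so the rule and IPS policy involved in the UDP 4500 (IPsec NAT traversal) drops are visible at a glance. The sample lines are abridged from the two lines in the thread; reading a non-zero `ips_id` as "an IPS policy is attached to the matched rule" is an assumption.

```python
import re
from collections import Counter

# Abridged from the two firewall log lines quoted in the thread
# (fields dropped for length, values unchanged).
SAMPLE_LOG = """\
Date=2016-04-14 Time=00:22:13 log_type=Firewall log_component= log_subtype=Denied in_dev= out_dev=Port1 source_ip=208.54.73.1 dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=2 ips_id=0
Date=2016-04-15 Time=10:58:07 log_type=Firewall log_component= log_subtype=Denied in_dev=Port1 out_dev= source_ip=10.1.1.23 dest_ip=208.54.73.1 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=1 ips_id=5
"""

# \S* (not \S+) lets empty values such as "in_dev=" parse as "".
PAIR = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Turn one key=value log line into a dict; empty and N/A values become None."""
    return {k: (None if v in ("", "N/A") else v) for k, v in PAIR.findall(line)}


def denied_flows(text):
    """Yield a compact record for every Denied firewall entry in the text."""
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("log_type") != "Firewall" or rec.get("log_subtype") != "Denied":
            continue
        yield {
            "when": f'{rec["Date"]} {rec["Time"]}',
            "flow": f'{rec["source_ip"]}:{rec["source_port"]} -> '
                    f'{rec["dest_ip"]}:{rec["dest_port"]}/{rec["l4_protocol"]}',
            "rule": int(rec["fw_rule_id"]),
            # Assumption: non-zero ips_id means an IPS policy is attached to the rule.
            "ips_policy": int(rec["ips_id"]),
        }


def summarize(text):
    """Count denied flows per (rule, ips_policy) so a recurring pair stands out."""
    return Counter((f["rule"], f["ips_policy"]) for f in denied_flows(text))


if __name__ == "__main__":
    for f in denied_flows(SAMPLE_LOG):
        note = "IPS policy on rule" if f["ips_policy"] else "no IPS policy on rule"
        print(f'{f["when"]}  rule={f["rule"]}  {f["flow"]}  ({note}, id={f["ips_policy"]})')
```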