
Application Filter Issue

Hi,

I have applied one rule on XG to deny all proxy apps, YouTube and P2P. It works as I expect, but some applications like IMO and LINE are not working. I couldn't see any error message in the log view.

But on the terminal console I saw this error message:

-----------------------------------------------------------------------------------------

2016-07-31 14:50:29 0102021 IP 192.168.101.17.56916 > 192.168.100.18.8080 : proto TCP: R 3419360249:3419360249(0) checksum : 20414
0x0000:  4500 0028 8eef 4000 4006 616c c0a8 6511  E..(..@.@.al..e.
0x0010:  c0a8 6412 de54 1f90 cbcf 4bf9 0000 0000  ..d..T....K.....
0x0020:  5004 0000 4fbe 0000                      P...O...
Date=2016-07-31 Time=14:50:29 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=b8:09:8a:81:0f:23 dest_mac=54:e6:fc:84:a0:55 l3_protocol=IP source_ip=192.168.101.17 dest_ip=192.168.100.18 l4_protocol=TCP source_port=56916 dest_port=8080 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=3472328295419215872 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2016-07-31 14:50:29 0102021 IP 192.168.101.17.56917 > 192.168.100.18.8080 : proto TCP: R 2999594579:2999594579(0) checksum : 34408
0x0000:  4500 0028 03b8 4000 4006 eca3 c0a8 6511  E..(..@.@.....e.
0x0010:  c0a8 6412 de55 1f90 b2ca 2e53 0000 0000  ..d..U.....S....
0x0020:  5004 0000 8668 0000                      P....h..
Date=2016-07-31 Time=14:50:29 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=b8:09:8a:81:0f:23 dest_mac=54:e6:fc:84:a0:55 l3_protocol=IP source_ip=192.168.101.17 dest_ip=192.168.100.18 l4_protocol=TCP source_port=56917 dest_port=8080 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=3472328295419215872 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2016-07-31 14:50:29 0102021 IP 192.168.101.17.56918 > 192.168.100.18.8080 : proto TCP: R 2382227584:2382227584(0) checksum : 61702
0x0000:  4500 0028 e307 4000 4006 0d54 c0a8 6511  E..(..@.@..T..e.
0x0010:  c0a8 6412 de56 1f90 8dfd e880 0000 0000  ..d..V..........
0x0020:  5004 0000 f106 0000                      P.......
Date=2016-07-31 Time=14:50:29 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=b8:09:8a:81:0f:23 dest_mac=54:e6:fc:84:a0:55 l3_protocol=IP source_ip=192.168.101.17 dest_ip=192.168.100.18 l4_protocol=TCP source_port=56918 dest_port=8080 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=3472328295419215872 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2016-07-31 14:50:29 0102021 IP 192.168.101.17.56915 > 192.168.100.18.8080 : proto TCP: R 577162968:577162968(0) checksum : 30281
0x0000:  4500 0028 7d7a 4000 4006 72e1 c0a8 6511  E..(}z@.@.r...e.
0x0010:  c0a8 6412 de53 1f90 2266 ced8 0000 0000  ..d..S.."f......
0x0020:  5004 0000 7649 0000                      P...vI..
Date=2016-07-31 Time=14:50:29 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=b8:09:8a:81:0f:23 dest_mac=54:e6:fc:84:a0:55 l3_protocol=IP source_ip=192.168.101.17 dest_ip=192.168.100.18 l4_protocol=TCP source_port=56915 dest_port=8080 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=3472328295419215872 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A



  • Hi Feroz,

    Go to System > Diagnostics > Log Viewer > Application filter. Search for applications which are blocked. If you find line blocked in the application filter log, change the configuration in the reflected Rule ID and Application policy. If you do not discover any denied logs here, I suspect that the issue is not caused by XG.

    Thanks
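
A triage sketch for records like the ones in the question, added here and not part of the original posts: it decodes the hex dump and the key=value line of one record to show which component logged the drop, which TCP flags the packet carried, and whether any application-filter ID is attached. The function names are hypothetical, and treating a non-zero app_* ID as an application-filter match is an assumption.

```python
import ipaddress
import re
import struct

# Constructed sample: the first record from the question, wrapped lines rejoined
# and most zero-valued fields left out for brevity.
SAMPLE = """\
0x0000:  4500 0028 8eef 4000 4006 616c c0a8 6511  E..(..@.@.al..e.
0x0010:  c0a8 6412 de54 1f90 cbcf 4bf9 0000 0000  ..d..T....K.....
0x0020:  5004 0000 4fbe 0000                      P...O...
Date=2016-07-31 Time=14:50:29 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied in_dev=Port1 out_dev= source_ip=192.168.101.17 dest_ip=192.168.100.18 l4_protocol=TCP source_port=56916 dest_port=8080 fw_rule_id=0 app_filter_id=0 app_category_id=0 app_id=0
"""

HEX_LINE = re.compile(r"^0x[0-9a-f]{4}:\s+((?:[0-9a-f]{4} ?)+)")
TCP_FLAGS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))


def decode_ipv4_tcp(pkt):
    """Return addresses, ports and TCP flag names from a raw IPv4 packet, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                       # not IPv4/TCP
    ihl = (pkt[0] & 0x0F) * 4             # IP header length in bytes
    if len(pkt) < ihl + 14:
        return None                       # truncated before the TCP flags byte
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = [name for bit, name in TCP_FLAGS if pkt[ihl + 13] & bit]
    return {"src": str(ipaddress.ip_address(pkt[12:16])), "sport": sport,
            "dst": str(ipaddress.ip_address(pkt[16:20])), "dport": dport, "flags": flags}


def triage(record):
    """Combine the hex dump and the key=value line of one dropped-packet record."""
    hex_words, fields = [], {}
    for line in record.splitlines():
        m = HEX_LINE.match(line)
        if m:
            hex_words.append(m.group(1).replace(" ", ""))
        elif line.startswith("Date="):
            fields = dict(re.findall(r"(\w+)=(\S*)", line))   # 'out_dev=' -> ''
    packet = decode_ipv4_tcp(bytes.fromhex("".join(hex_words)))
    # Assumption: a non-zero app_* ID means the application filter matched the flow.
    app_hit = any(fields.get(k, "0") != "0"
                  for k in ("app_filter_id", "app_category_id", "app_id"))
    return {"component": fields.get("log_component"), "fw_rule_id": fields.get("fw_rule_id"),
            "app_filter_hit": app_hit, "packet": packet}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

For the sample record the result shows a bare TCP RST from 192.168.101.17 to port 8080, logged by Invalid_Traffic with every app_* ID at zero.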