Crashplan Connectivity Issues with XG 16

Since upgrading today to XG 16 (not beta) Crashplan hasn't been working.

It doesn't seem to connect.

I've checked the rules and the IP has no extra features turned on (Malware/Webpolicy); it's statically bypassed.

I tried turning off IPS and no luck; also, the firewall shows the traffic green (allowed) out?

 

So with this version logging is improved, which is great! So I found out that it's an invalid traffic issue?

2016-10-11 11:02:55 | Invalid Traffic | Denied | - | 0 | PortB | - | 162.222.42.64 :TCP(443) | 01001

Could anyone help me here with that? Thank you!

Regards



This thread was automatically locked due to age.
  • The traffic is dropped as invalid traffic as no firewall rule is found to forward the connection. Can you also try to flush the v4 connection table? Take SSH to XG and execute:

    system diagnostics utilities connections v4 delete src_ip x.x.x.x

    (execute it several times on src and dest, both ways). Also, I read some articles for CrashPlan and referred to them in my previous post; can you verify the information?

    No rule?  It's right here and worked perfectly in v15.  Other users have reported the same thing.

    The drop log was taken immediately after booting from v15 to v16.

    The one CP reference is for an explicit proxy, so that doesn't apply to my configuration.

  • It's exactly the same as David's; all that's different is the IP it's going to, as I'm connected to another CrashPlan server:

     

    2016-10-12 17:47:21 0102021 IP 162.222.42.207.443 > 10.10.7.1.41464 : proto TCP: R 3399830217:3399830217(0) checksum : 6150

    0x0000:  4500 0028 c2bd 4000 3506 a45a a2de 2acf  E..(..@.5..Z..*.

    0x0010:  0a0a 0701 01bb a1f8 caa5 4ac9 0000 0000  ..........J.....

    0x0020:  5004 0000 1806 0000                      P.......

    Date=2016-10-12 Time=17:47:21 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=PortB out_dev= inzone_id=0 outzone_id=0 source_mac=7c:4c:a5:8b:8e:98 dest_mac=00:50:56:a5:3c:0f l3_protocol=IP source_ip=162.222.42.207 dest_ip=10.10.7.1 l4_protocol=TCP source_port=443 dest_port=41464 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

     

    2016-10-12 17:47:21 0102021 IP 162.222.42.207.443 > 10.10.7.1.41464 : proto TCP: R 3399830217:3399830217(0) checksum : 6150

    0x0000:  4500 0028 c2be 4000 3506 a459 a2de 2acf  E..(..@.5..Y..*.

    0x0010:  0a0a 0701 01bb a1f8 caa5 4ac9 0000 0000  ..........J.....

    0x0020:  5004 0000 1806 0000                      P.......

    Date=2016-10-12 Time=17:47:21 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=PortB out_dev= inzone_id=0 outzone_id=0 source_mac=7c:4c:a5:8b:8e:98 dest_mac=00:50:56:a5:3c:0f l3_protocol=IP source_ip=162.222.42.207 dest_ip=10.10.7.1 l4_protocol=TCP source_port=443 dest_port=41464 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
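
The drop record and packet dump quoted in the post above can be cross-checked mechanically. The following is an added example, not part of any post in this thread or of Sophos tooling: it decodes the first dump and compares it with the record's fields. The record is trimmed to the fields used, and the function names are hypothetical.

```python
import ipaddress
import struct

# Copied from the post above: the drop record (trimmed to the fields used
# here) and the hex dump of the packet that was denied.
LOG = ("log_component=Invalid_Traffic log_subtype=Denied in_dev=PortB out_dev= "
       "source_ip=162.222.42.207 dest_ip=10.10.7.1 l4_protocol=TCP "
       "source_port=443 dest_port=41464 fw_rule_id=0 dnat_done=0 connid=0")
DUMP = """\
0x0000:  4500 0028 c2bd 4000 3506 a45a a2de 2acf  E..(..@.5..Z..*.
0x0010:  0a0a 0701 01bb a1f8 caa5 4ac9 0000 0000  ..........J.....
0x0020:  5004 0000 1806 0000                      P.......
"""
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bit 0 .. bit 5

def parse_kv(line):
    """Split a key=value record; an empty value such as 'out_dev=' becomes ''."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)

def dump_bytes(dump):
    """Recover raw bytes from the hex rows, ignoring offset and ASCII columns."""
    raw = bytearray()
    for row in dump.strip().splitlines():
        # Two spaces separate the hex groups from the ASCII column.
        hex_col = row.partition(":")[2].strip().split("  ")[0]
        raw += bytes.fromhex(hex_col.replace(" ", ""))
    return bytes(raw)

def decode_ipv4_tcp(pkt):
    """Decode the fixed IPv4 and TCP headers; IP options are skipped via IHL."""
    ver_ihl, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, seq, ack, off_flags, _, csum, _ = struct.unpack("!HHIIHHHH", pkt[ihl:ihl + 20])
    return {"src": str(ipaddress.IPv4Address(src)), "sport": sport,
            "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
            "seq": seq, "ack": ack, "tcp_checksum": csum,
            "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1],
            "payload_len": total - ihl - (off_flags >> 12) * 4}

def triage(log_line, dump):
    """Cross-check the record against the packet and summarise what was dropped."""
    rec, pkt = parse_kv(log_line), decode_ipv4_tcp(dump_bytes(dump))
    same_flow = (rec["source_ip"], int(rec["source_port"]), rec["dest_ip"],
                 int(rec["dest_port"])) == (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    no_match = all(rec[k] == "0" for k in ("fw_rule_id", "dnat_done", "connid"))
    return {"same_flow": same_flow, "no_rule_nat_or_conn": no_match, **pkt}
```

Calling `triage(LOG, DUMP)` reports that the packet logged as Invalid Traffic is a TCP segment with only RST set and no payload, sent from port 443 of the CrashPlan server, and that the record carries `fw_rule_id=0`, `dnat_done=0` and `connid=0`.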

  • And just to demonstrate connectivity per the CrashPlan KB:

    ---------------

    $ telnet central.crashplan.com  443
    Trying 216.17.8.8...
    Connected to central.crashplan.com.
    Escape character is '^]'.



    ?cA-18782|com.code42.messaging.security.SecurityProviderReadyMessage¶¢"=s:́£
                                                                                 ?!ùª?nDZ?Y0àã¿XÂÔLH?

    ---------------

    But the actual application data stream gets smacked by v16 to Invalid Traffic.

    With 100% identical firewall rules, I revert back to v15 and everything works. 

  • I understand, sachingurung, you have bigger priorities here, but is there anything you can do or update us on?

    Not having cloud backups for business/home is something we will have to revert the firewall because of.

    It seems like such a waste as 16 already performs better and is better as a whole.

     

    Thanks!

  • Hi All,

    If the steps provided here do not conclude a resolution, then my suggestion is to contact support or ask your Sophos partner to raise a case with support on the issue and provide me the case#.

    Thanks

  • sachingurung said:

    Hi All,

    If the steps provided here do not conclude a resolution, then my suggestion is to contact support or ask your Sophos partner to raise a case with support on the issue and provide me the case#.

    Thanks

     

     

    Seeing as it's the home edition, I don't have that function.

    It tells me to come here and log the issue.

    The firewall firmware is clearly at fault here; reverted back to 15, not a problem, everything working fine.

  • I am evaluating the XG16 and have unfortunately run into this issue with Crashplan Pro not connecting. In following things found on multiple threads regarding the same issue, I ended up creating a forwarding rule that now prevents me from accessing the admin page so I will have to reset the system and start over if I am to continue evaluating this solution. 

    In the logs I can see that my outbound traffic to central.crashplanpro.com is working fine, but my return traffic from the Crashplan servers is being dropped "invalid". The only off thing I noticed is that the traffic coming from Crashplan servers has the destination as the ip of the WAN interface of my XG16 for some reason rather than the ip of the host where Crashplan is running. Other traffic, which doesn't get dropped, doesn't do this; it gets sent to LAN ip of the host that requested it. 

    I really like the interface and potential of the XG16 but I cannot go without a backup of the data on this particular host. I will have to find an alternate firewall solution if there is no solution for this issue. I certainly cannot make the case to purchase the XG license or the endpoint software (which I really want to implement) if I cannot get the firewall to function correctly. 

    Any help would be fantastic and I am more than happy to try any settings to help get this figured out for good. -I have to go reset my system first though. 

  • I too have run into this issue with XG 16 and CrashPlan.  All was well in XG 15 before upgrading.  Unfortunately I already wiped my backup from XG15 so I cannot revert easily.  Has anyone found a workaround yet?

  • Hi Enigy,

    I'm glad I've been subscribed to the BETA forums. Looks like they have found the issue and are working with Dev to fix it or at least sort something else.

    They also list the info to stop that happening and a KB is due to come out.

     

    You can find it all here:

     

    https://community.sophos.com/products/xg-firewall/v16beta/f/sfos-v16-beta-issues-bugs/79608/crashplan---unable-to-connect#pi2132219853=3#310356

     

    But for a quick look:

     

    Workaround:

    console> system application_classification microapp-discovery off

     

    Regards

  • Thanks!  I somehow did not find that in my search.  That appears to have resolved it for me as well.  I'm just a home user so I don't care about app discovery.