
violation reason: USER_IDENTITY issue

Hello,

Sometimes Sophos drops all packets to a random user (not everyone) for 1-2 minutes, and after 1 minute it stops dropping and the internet starts working fine. I checked the diagnostics packet capture while Sophos was dropping my packets and I noticed the status "violation" and reason "USER_IDENTITY". Can you please help me in this case?

Thanks in advance,



This thread was automatically locked due to age.
  • Here is the log:

    2017-02-02 10:24:15 0102021 IP 192.168.1.101.56183 > 52.209.106.36.80 : proto TCP: F 2721484213:2721484213(0) win 254 checksum : 20928
    0x0000:  4500 0028 7ebd 4000 7f06 1c10 c0a8 0165  E..(~.@........e
    0x0010:  34d1 6a24 db77 0050 a236 8db5 8b46 6518  4.j$.w.P.6...Fe.
    0x0020:  5011 00fe 51c0 0000 0000 0000 0000       P...Q.........

    Date=2017-02-02 Time=10:24:15 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 outzone_id=0 source_mac=c8:1f:be:43:57:c2 dest_mac=00:1a:8c:51:a5:d6 l3_protocol=IP source_ip=192.168.1.101 dest_ip=52.209.106.36 l4_protocol=TCP source_port=56183 dest_port=80 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

  • Hi Jim,

    Invalid Traffic is observed when there is no matching firewall rule to forward the packet.

    Thanks
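The log posted above is in the space-separated key=value form Sophos writes for firewall events, and the reply explains that Invalid_Traffic means no forwarding rule matched. The following is an added example for anyone troubleshooting the same symptom, not code from Sophos or from the thread: it parses such lines and, per source IP, reports how long the run of unidentified denies lasted, so the "1-2 minute" outage can be measured from the log rather than guessed. The selection heuristic (log_component=Invalid_Traffic, log_subtype=Denied, fw_rule_id=0, userid=0 and live_userid=0) is an assumption drawn from the posted line and the reply, not documented Sophos semantics; the second and third sample lines are constructed with placeholder values, only the first is the one from the thread.

```python
"""Parse Sophos key=value firewall log lines and measure runs of
Invalid_Traffic denies that carry no matched rule and no user identity.
Added example (not Sophos code); field semantics are assumptions."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# One key=value pair; values run up to the next space (this format has no
# quoted values, and an empty value such as "out_dev=" is legal).
_KV = re.compile(r"(\w+)=(\S*)")

# Sample input. Line 0 is the log line posted in the thread; lines 1 and 2 are
# CONSTRUCTED for this example (an allowed connection, then a second deny
# 45 seconds after the first) and use placeholder values.
SAMPLE_LOG_LINES: List[str] = [
    "Date=2017-02-02 Time=10:24:15 log_id=0102021 log_type=Firewall "
    "log_component=Invalid_Traffic log_subtype=Denied log_status=N/A "
    "log_priority=Alert duration=N/A in_dev=Port3 out_dev= inzone_id=0 "
    "outzone_id=0 source_mac=c8:1f:be:43:57:c2 dest_mac=00:1a:8c:51:a5:d6 "
    "l3_protocol=IP source_ip=192.168.1.101 dest_ip=52.209.106.36 "
    "l4_protocol=TCP source_port=56183 dest_port=80 fw_rule_id=0 policytype=0 "
    "live_userid=0 userid=0 user_gp=0",
    # constructed: traffic that matched a rule for an identified user
    "Date=2017-02-02 Time=10:24:20 log_id=010101600001 log_type=Firewall "
    "log_component=Firewall_Rule log_subtype=Allowed fw_rule_id=3 "
    "source_ip=192.168.1.101 dest_ip=52.209.106.36 live_userid=5 userid=5",
    # constructed: a later deny for the same source, same symptom
    "Date=2017-02-02 Time=10:25:00 log_id=0102021 log_type=Firewall "
    "log_component=Invalid_Traffic log_subtype=Denied fw_rule_id=0 "
    "source_ip=192.168.1.101 dest_ip=52.209.106.36 live_userid=0 userid=0",
]


def parse_line(line: str) -> Dict[str, str]:
    """Return the key=value fields of one log line as a dict (empty if none)."""
    return dict(_KV.findall(line))


def is_unidentified_invalid_drop(f: Dict[str, str]) -> bool:
    """Heuristic (assumption): a deny with no matched rule and no resolved user."""
    return (
        f.get("log_component") == "Invalid_Traffic"
        and f.get("log_subtype") == "Denied"
        and f.get("fw_rule_id") == "0"
        and f.get("live_userid", "0") == "0"
        and f.get("userid", "0") == "0"
    )


def drop_windows(lines: List[str]) -> Dict[str, Dict[str, object]]:
    """Group matching denies by source_ip and report first/last time, count
    and the span in seconds, so an outage window can be read off the log."""
    by_src: Dict[str, List[datetime]] = defaultdict(list)
    for line in lines:
        f = parse_line(line)
        if not f or not is_unidentified_invalid_drop(f):
            continue
        ts = datetime.strptime(f"{f['Date']} {f['Time']}", "%Y-%m-%d %H:%M:%S")
        by_src[f["source_ip"]].append(ts)
    windows: Dict[str, Dict[str, object]] = {}
    for src, stamps in by_src.items():
        stamps.sort()
        windows[src] = {
            "first": stamps[0].isoformat(sep=" "),
            "last": stamps[-1].isoformat(sep=" "),
            "count": len(stamps),
            "seconds": int((stamps[-1] - stamps[0]).total_seconds()),
        }
    return windows


if __name__ == "__main__":
    for src, w in drop_windows(SAMPLE_LOG_LINES).items():
        print(f"{src}: {w['count']} unidentified denies from {w['first']} "
              f"to {w['last']} ({w['seconds']}s)")
```

Feed it the Invalid_Traffic lines exported from the log viewer for the affected host; if the window for one source_ip lines up with the minutes the user lost connectivity, the denies are the cause of the outage rather than a side effect of it, and the userid=0 fields show the identity the rule needed was not attached to that traffic at the time.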

  • Hi,

    What does that mean? How do I resolve this Invalid_Traffic issue?

  • I will DM you for further investigation.

    Thanks

  • I am experiencing exactly the same issue and symptoms.

    Packet capture is OK for a while, then at random it fails and reports a User_Identity violation (for the same machine / user / IP address).

    Is there an update on this?