Firewall rule not working - XG drops traffic - invalid traffic / denied by policy 0

Dear all,


I've been using Sophos XG for several months now and have struggled with a policy to allow Blizzard's battle.net connections through the XG firewall.

I've created the following policy for allowing the services:


SRC-Zone -> Client Zone

SRC-Host -> Any

DST-Zone -> WAN Zone

DST-Host -> Any

Srv -> Service Group with udp/tcp ports required for talking to battle.net services


I've already disabled IPS / App Filter, so it's using a plain FW rule.


Screen:


Unfortunately, in the log I've seen that the traffic is using the rule, but when I analyze the traffic using the XG CLI (drop-packet-capture) I always see entries like this:


2017-02-05 13:26:10 0102021 IP X.X.X.X.59451 > 185.60.112.106.1119 : proto TCP: R 1217314618:1217314618(0) checksum : 26350
0x0000: 4500 0028 1c7f 4000 8006 82a8 0a00 2802 E..(..@.......(.
0x0010: b93c 706a e83b 045f 488e bf3a b220 46b5 .<pj.;._H..:..F.
0x0020: 5014 0000 66ee 0000 P...f...
Date=2017-02-05 Time=13:26:10 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=X.X.X.X dest_mac=X.X.X.X l3_protocol=IP source_ip=X.X.X.X dest_ip=185.60.112.106 l4_protocol=TCP source_port=59451 dest_port=1119 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A


Any suggestions?


Thanks for your help
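
As an added example that is not part of the original post (and not Sophos code), this Python decoder reads the drop-packet-capture hex dump and the key=value log line quoted above, decodes the IPv4/TCP headers, and cross-checks them against the log fields: the dropped packet turns out to be a TCP RST/ACK with no payload, which the firewall logged as Invalid_Traffic with fw_rule_id=0. The log line is abbreviated to the fields the decoder uses.

```python
import re
import struct
from ipaddress import IPv4Address

# Capture and (abbreviated) log line copied from the drop-packet-capture output in the post.
HEXDUMP = """0x0000: 4500 0028 1c7f 4000 8006 82a8 0a00 2802 E..(..@.......(.
0x0010: b93c 706a e83b 045f 488e bf3a b220 46b5 .<pj.;._H..:..F.
0x0020: 5014 0000 66ee 0000 P...f..."""
LOG_LINE = ("Date=2017-02-05 Time=13:26:10 log_id=0102021 log_type=Firewall "
            "log_component=Invalid_Traffic log_subtype=Denied fw_rule_id=0 policytype=0 "
            "l4_protocol=TCP source_port=59451 dest_port=1119 connid=0 ctflags=0")
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 .. bit 5 of the TCP flags byte

def hexdump_to_bytes(dump):
    """Collect the hex groups after each offset; stop at the ASCII column."""
    out = bytearray()
    for line in dump.splitlines():
        for tok in line.split()[1:9]:            # at most 8 groups of 2 bytes per line
            if not re.fullmatch(r"[0-9a-f]{2,4}", tok):
                break                            # reached the printable-ASCII column
            out += bytes.fromhex(tok)
    return bytes(out)

def decode_ipv4_tcp(pkt):
    """Decode the IPv4 header and the fixed part of the TCP header."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, frag, ttl, proto = struct.unpack("!HHHBB", pkt[2:10])
    if proto != 6:
        raise ValueError(f"not TCP: protocol {proto}")
    sport, dport, seq, ack, off_flags, window, csum = struct.unpack("!HHIIHHH", pkt[ihl:ihl + 18])
    return {
        "src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20])),
        "ttl": ttl, "df": bool(frag & 0x4000), "sport": sport, "dport": dport,
        "seq": seq, "ack": ack, "window": window, "checksum": csum,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
        "payload_len": total_len - ihl - (off_flags >> 12) * 4,
    }

def parse_log_fields(line):
    """Split the key=value firewall log line into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def explain_drop(dump, log_line):
    """Cross-check capture and log, and report what kind of packet the firewall refused."""
    pkt, log = decode_ipv4_tcp(hexdump_to_bytes(dump)), parse_log_fields(log_line)
    if (pkt["sport"], pkt["dport"]) != (int(log["source_port"]), int(log["dest_port"])):
        raise ValueError("capture and log line describe different packets")
    return {"packet": pkt, "fw_rule_id": int(log["fw_rule_id"]),
            "component": log["log_component"], "tcp_rst": "RST" in pkt["flags"]}
```

Running `explain_drop(HEXDUMP, LOG_LINE)` also confirms the decoder against the capture's own summary line: the sequence number 1217314618 and checksum 26350 come out of the hex exactly as the CLI printed them.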



  • What do you mean by "overlaps" - do you mean more than one rule matching a given packet? If so, is this an issue? I thought the FW evaluated the rules from top to bottom and at the first match, did the following: (1) Take the action specified by the rule (i.e. Allow or Drop); (2) Stopped evaluating any further FW rules. And if none match, then the traffic is dropped due to rule-0.

    Is this incorrect?
