Guest User!
You are not Sophos Staff.
Have one firewall rule enabled. Block all outbound but what is needed, DNS, NTP, HTTP, HTTPS, ETC.
Getting blocking trying to update but failing. Firewall reports Invalid traffic from internal ip (random port) to external port 80.
Why is it blocking something going to port 80, is it filtering it because its leaving on a nonstandard port?
Is there a better way to allow?
2017-03-09 08:42:17 0102021 IP 192.168.XX.99.54323 > 216.XX.XXX.XXX.80 : proto TCP: R 1386169708:1386169708(0) checksum : 7208
0x0000: 4500 0028 0e57 4000 8006 90c4 c0a8 0163 E..(.W@........c
0x0010: d83a c16e d433 0050 529f 456c b8b2 12b2 .:.n.3.PR.El....
0x0020: 5014 0000 1c28 0000 0000 0000 0000 P....(........
Date=2017-03-09 Time=08:42:17 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=80:c1:6e:XX:XX:XX dest_mac=00:1a:8c:XX:XX:XX l3_protocol=IP source_ip=192.168.XX.99 dest_ip=216.XX.XXX.XXX l4_protocol=TCP source_port=54323 dest_port=80 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
restarted service
