Certificate problem: XG puts its own certificate as root for LAN zone computers

Hi all,

 

We have an issue with using public certificates when browsing from XG LAN zone PCs.

As an example, we are using a StartCom certificate for the site https://xd.datakom.lt (I use the IE browser). From outside it is working, the certificate is OK:

SSL checker gives a thumbs UP:

https://www.sslshopper.com/ssl-checker.html?hostname=https%3A%2F%2Fxd.datakom.lt

But if we try to access this from our XG LAN zone computer, we get a certificate error, the page does not load properly at all, and the CA shown is Sophos_SSL_CA_... (same for all browsers)

Our device - XG115w (SFOS 16.05.3 MR-3).  In Certificates -> Certificate Authorities there are StartCom Authorities added:

 

What could be wrong in this case? Maybe someone had similar problems?

Please help.

 

BR, 

Rimas



  • Hi Aditya, 

     

    Could you tell me how I can bypass this particular address in XG? Sorry for my lack of knowledge.

     

     

    BR, 

    Rimas

  • Luk, 

     

    Our default gateway is the XG device itself. LAN and DMZ zones are managed by XG only. Please tell me what other info you need.

    Thanks!

     

    BR, 

    Rimas

  • Hi Rimas, 

    Could you check the proxy settings under Internet Explorer > Internet Options > Connections > LAN Settings? Also, if possible, post a snapshot of the same.

  • Hi Aditya, 

     

    I didn't realize you were talking about the proxy in Explorer (I thought you had in mind some proxy settings in XG).

    There are definitely no proxy server settings in our browser.

    We are using XG as a firewall and gateway and have a couple of simple switches.

     

    BR, 

    Rimas

  • Hi Rimas, 

    As per the logs, I could see the request going from ISP to another. Could you check the drop packet capture for this request?

    command on console > drop 'host <serveraddress or URL>

  • Hi, 

     

    Tried packet capture. It goes endlessly... What could be the cause of this?

     

    console> drop 'host xd.datakom.lt
    2017-05-03 23:51:58 0103021 IP 202.109.164.134.15805 > 212.52.60.98.23 : proto TCP: S 3560193122:3560193122(0) win 4245 checksum : 53591
    0x0000: 4500 0028 8ab0 0000 2706 8995 ca6d a486 E..(....'....m..
    0x0010: d434 3c62 3dbd 0017 d434 3c62 0000 0000 .4<b=....4<b....
    0x0020: 5002 1095 d157 0000 P....W..
    Date=2017-05-03 Time=23:51:58 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=202.109.164.134 dest_ip=212.52.60.98 l4_protocol=TCP source_port=15805 dest_port=23 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=57672928 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:52:17 0103021 IP 2.191.208.236.16587 > 212.52.60.98.23 : proto TCP: S 38953:38953(0) win 14600 checksum : 47500
    0x0000: 4500 0028 7cf4 0000 ec06 6d99 02bf d0ec E..(|.....m.....
    0x0010: d434 3c62 40cb 0017 0000 9829 0000 0000 .4<b@......)....
    0x0020: 5002 3908 b98c 0000 P.9.....
    Date=2017-05-03 Time=23:52:17 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=2.191.208.236 dest_ip=212.52.60.98 l4_protocol=TCP source_port=16587 dest_port=23 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=940717760 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:52:21 0103021 IP 109.122.120.134.1841 > 212.52.60.98.445 : proto TCP: S 1182123715:1182123715(0) win 65535 checksum : 30305
    0x0000: 4500 0030 33af 4000 7306 dd81 6d7a 7886 E..03.@.s...mzx.
    0x0010: d434 3c62 0731 01bd 4675 c6c3 0000 0000 .4<b.1..Fu......
    0x0020: 7002 ffff 7661 0000 0204 05b4 0101 0402 p...va..........
    Date=2017-05-03 Time=23:52:21 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=109.122.120.134 dest_ip=212.52.60.98 l4_protocol=TCP source_port=1841 dest_port=445 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=969056256 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:52:23 0103021 IP 109.122.120.134.1841 > 212.52.60.98.445 : proto TCP: S 1182123715:1182123715(0) win 65535 checksum : 30305
    0x0000: 4500 0030 35a3 4000 7306 db8d 6d7a 7886 E..05.@.s...mzx.
    0x0010: d434 3c62 0731 01bd 4675 c6c3 0000 0000 .4<b.1..Fu......
    0x0020: 7002 ffff 7661 0000 0204 05b4 0101 0402 p...va..........
    Date=2017-05-03 Time=23:52:23 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=109.122.120.134 dest_ip=212.52.60.98 l4_protocol=TCP source_port=1841 dest_port=445 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=969058336 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:54:26 0103021 IP 122.114.173.237.58204 > 212.52.60.98.1433 : proto TCP: S 2260175548:2260175548(0) win 1024 checksum : 30850
    0x0000: 4500 0028 b347 0000 e206 ec91 7a72 aded E..(.G......zr..
    0x0010: d434 3c62 e35c 0599 86b7 8abc 0000 0000 .4<b.\..........
    0x0020: 5002 0400 7882 0000 P...x...
    Date=2017-05-03 Time=23:54:26 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=122.114.173.237 dest_ip=212.52.60.98 l4_protocol=TCP source_port=58204 dest_port=1433 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=1782247072 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:55:58 0103021 IP 31.166.230.248.46275 > 212.52.60.98.23 : proto TCP: S 247022786:247022786(0) win 1024 checksum : 29851
    0x0000: 4500 002c 78b7 0000 ec06 3edf 1fa6 e6f8 E..,x.....>.....
    0x0010: d434 3c62 b4c3 0017 0eb9 44c2 0000 0000 .4<b......D.....
    0x0020: 6002 0400 749b 0000 0204 05b4 `...t.......
    Date=2017-05-03 Time=23:55:58 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=31.166.230.248 dest_ip=212.52.60.98 l4_protocol=TCP source_port=46275 dest_port=23 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=914269408 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:48 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6b8f 0000 e701 5160 7908 8d36 E..8k.....Q`y..6
    0x0010: d434 3c62 0304 932d 0000 05c8 4500 05dc .4<b...-....E...
    0x0020: 3b2b 4000 e406 1385 d434 3c62 6440 cc94 ;+@......4<bd@..
    0x0030: 01bb f276 ffb6 711d ...v..q.
    Date=2017-05-03 Time=23:57:48 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:48 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6b90 0000 e701 515f 7908 8d36 E..8k.....Q_y..6
    0x0010: d434 3c62 0304 8d79 0000 05c8 4500 05dc .4<b...y....E...
    0x0020: 3b2d 4000 e406 1383 d434 3c62 6440 cc94 ;-@......4<bd@..
    0x0030: 01bb f276 ffb6 76d1 ...v..v.
    Date=2017-05-03 Time=23:57:48 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:48 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6b91 0000 e701 515e 7908 8d36 E..8k.....Q^y..6
    0x0010: d434 3c62 0304 87c5 0000 05c8 4500 05dc .4<b........E...
    0x0020: 3b2f 4000 e406 1381 d434 3c62 6440 cc94 ;/@......4<bd@..
    0x0030: 01bb f276 ffb6 7c85 ...v..|.
    Date=2017-05-03 Time=23:57:48 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:48 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6b95 0000 e701 515a 7908 8d36 E..8k.....QZy..6
    0x0010: d434 3c62 0304 932d 0000 05c8 4500 05dc .4<b...-....E...
    0x0020: 3b2b 4000 e406 1385 d434 3c62 6440 cc94 ;+@......4<bd@..
    0x0030: 01bb f276 ffb6 711d ...v..q.
    Date=2017-05-03 Time=23:57:48 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:48 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6b99 0000 e701 5156 7908 8d36 E..8k.....QVy..6
    0x0010: d434 3c62 0304 932d 0000 05c8 4500 05dc .4<b...-....E...
    0x0020: 3b2b 4000 e406 1385 d434 3c62 6440 cc94 ;+@......4<bd@..
    0x0030: 01bb f276 ffb6 711d ...v..q.
    Date=2017-05-03 Time=23:57:48 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:48 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6b9c 0000 e701 5153 7908 8d36 E..8k.....QSy..6
    0x0010: d434 3c62 0304 932d 0000 05c8 4500 05dc .4<b...-....E...
    0x0020: 3b2b 4000 e406 1385 d434 3c62 6440 cc94 ;+@......4<bd@..
    0x0030: 01bb f276 ffb6 711d ...v..q.
    Date=2017-05-03 Time=23:57:48 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:49 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6bb1 0000 e701 513e 7908 8d36 E..8k.....Q>y..6
    0x0010: d434 3c62 0304 932d 0000 05c8 4500 05dc .4<b...-....E...
    0x0020: 3b2b 4000 e406 1385 d434 3c62 6440 cc94 ;+@......4<bd@..
    0x0030: 01bb f276 ffb6 711d ...v..q.
    Date=2017-05-03 Time=23:57:49 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:51 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6bbe 0000 e701 5131 7908 8d36 E..8k.....Q1y..6
    0x0010: d434 3c62 0304 932d 0000 05c8 4500 05dc .4<b...-....E...
    0x0020: 3b2b 4000 e406 1385 d434 3c62 6440 cc94 ;+@......4<bd@..
    0x0030: 01bb f276 ffb6 711d ...v..q.
    Date=2017-05-03 Time=23:57:51 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:57:54 0102021 IP 121.8.141.54. > 212.52.60.98. :proto ICMP: dst unreachable - need to frag
    0x0000: 4500 0038 6bdf 0000 e701 5110 7908 8d36 E..8k.....Q.y..6
    0x0010: d434 3c62 0304 932d 0000 05c8 4500 05dc .4<b...-....E...
    0x0020: 3b2b 4000 e406 1385 d434 3c62 6440 cc94 ;+@......4<bd@..
    0x0030: 01bb f276 ffb6 711d ...v..q.
    Date=2017-05-03 Time=23:57:54 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=0 outzone_id=0 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=121.8.141.54 dest_ip=212.52.60.98 l4_protocol=ICMP icmp_type=3 icmp_code=4 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:58:56 0103021 IP 123.207.121.25.42250 > 212.52.60.98.1433 : proto TCP: S 4205480920:4205480920(0) win 1024 checksum : 30012
    0x0000: 4500 0028 b223 0000 e006 232d 7bcf 7919 E..(.#....#-{.y.
    0x0010: d434 3c62 a50a 0599 faaa 8bd8 0000 0000 .4<b............
    0x0020: 5002 0400 753c 0000 P...u<..
    Date=2017-05-03 Time=23:58:56 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=123.207.121.25 dest_ip=212.52.60.98 l4_protocol=TCP source_port=42250 dest_port=1433 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=57676672 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-03 23:59:34 0103021 IP 182.246.241.244.62795 > 212.52.60.98.23 : proto TCP: S 3560193122:3560193122(0) win 61011 checksum : 531
    0x0000: 4500 0028 49a1 0000 2506 92ad b6f6 f1f4 E..(I...%.......
    0x0010: d434 3c62 f54b 0017 d434 3c62 0000 0000 .4<b.K...4<b....
    0x0020: 5002 ee53 0213 0000 P..S....
    Date=2017-05-03 Time=23:59:34 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=4 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=182.246.241.244 dest_ip=212.52.60.98 l4_protocol=TCP source_port=62795 dest_port=23 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=914271072 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-04 00:00:09 0103021 IP 89.248.171.223.37386 > 212.52.60.98.25 : proto TCP: S 4166941660:4166941660(0) win 29200 checksum : 20945
    0x0000: 4500 003c 48e8 4000 3906 e265 59f8 abdf E..<H.@.9..eY...
    0x0010: d434 3c62 920a 0019 f85e 7bdc 0000 0000 .4<b.....^{.....
    0x0020: a002 7210 51d1 0000 0204 05b4 0402 080a ..r.Q...........
    0x0030: 341d 3334 0000 0000 0103 0307 4.34........
    Date=2017-05-04 Time=00:00:09 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=2 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=89.248.171.223 dest_ip=212.52.60.98 l4_protocol=TCP source_port=37386 dest_port=25 fw_rule_id=20 policytype=1 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=520 connid=940717760 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-04 00:00:10 0103021 IP 89.248.171.223.37386 > 212.52.60.98.25 : proto TCP: S 4166941660:4166941660(0) win 29200 checksum : 20695
    0x0000: 4500 003c 48e9 4000 3906 e264 59f8 abdf E..<H.@.9..dY...
    0x0010: d434 3c62 920a 0019 f85e 7bdc 0000 0000 .4<b.....^{.....
    0x0020: a002 7210 50d7 0000 0204 05b4 0402 080a ..r.P...........
    0x0030: 341d 342e 0000 0000 0103 0307 4.4.........
    Date=2017-05-04 Time=00:00:10 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=2 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=89.248.171.223 dest_ip=212.52.60.98 l4_protocol=TCP source_port=37386 dest_port=25 fw_rule_id=20 policytype=1 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=520 connid=1780753216 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-04 00:00:12 0103021 IP 89.248.171.223.37386 > 212.52.60.98.25 : proto TCP: S 4166941660:4166941660(0) win 29200 checksum : 20194
    0x0000: 4500 003c 48ea 4000 3906 e263 59f8 abdf E..<H.@.9..cY...
    0x0010: d434 3c62 920a 0019 f85e 7bdc 0000 0000 .4<b.....^{.....
    0x0020: a002 7210 4ee2 0000 0204 05b4 0402 080a ..r.N...........
    0x0030: 341d 3623 0000 0000 0103 0307 4.6#........
    Date=2017-05-04 Time=00:00:12 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=2 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=89.248.171.223 dest_ip=212.52.60.98 l4_protocol=TCP source_port=37386 dest_port=25 fw_rule_id=20 policytype=1 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=520 connid=2828815616 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-04 00:00:16 0103021 IP 89.248.171.223.37386 > 212.52.60.98.25 : proto TCP: S 4166941660:4166941660(0) win 29200 checksum : 19193
    0x0000: 4500 003c 48eb 4000 3906 e262 59f8 abdf E..<H.@.9..bY...
    0x0010: d434 3c62 920a 0019 f85e 7bdc 0000 0000 .4<b.....^{.....
    0x0020: a002 7210 4af9 0000 0204 05b4 0402 080a ..r.J...........
    0x0030: 341d 3a0c 0000 0000 0103 0307 4.:.........
    Date=2017-05-04 Time=00:00:16 log_id=0103021 log_type=Firewall log_component=Local_ACLs log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=2 source_mac=c4:a8:1d:c1:a6:03 dest_mac=00:1a:8c:45:67:e1 l3_protocol=IP source_ip=89.248.171.223 dest_ip=212.52.60.98 l4_protocol=TCP source_port=37386 dest_port=25 fw_rule_id=20 policytype=1 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=520 connid=2828819360 masterid=0 status=256 state=1 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-04 00:01:34 0103021 IP 183.129.160.229.34208 > 212.52.60.98.8080 : proto TCP: S 2805283293:2805283293(0) win 29200 checksum : 20113
    0x0000: 4500 0028 a5b3 4000 6306 091f b781 a0e5 E..(..@.c.......
    0x0010: d434 3c62 85a0 1f90 a735 39dd 0000 0000 .4<b.....59.....
    0x0020: 5002 7210 4e91 0000 P.r.N...

     

    BR, 

    Rimas

  • Hi Rimas, 

    Try again with an additional filter:

    console> drop 'port 443 

  • Hi Aditya, 

    logs for drop 'port 443:

    console> drop 'port 443
    2017-05-04 23:55:49 0102021 IP 192.168.0.150.61428 > 192.168.60.98.443 : proto TCP: F 2711431608:2711431608(0) win 32641 checksum : 11430
    0x0000: 4500 0028 12af 4000 8006 29d8 c0a8 0096 E..(..@...).....
    0x0010: c0a8 3c62 eff4 01bb a19d 29b8 902d f82f ..<b......)..-./
    0x0020: 5011 7f81 2ca6 0000 0000 0000 0000 P...,.........
    Date=2017-05-04 Time=23:55:49 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=00:0f:fe:f0:4d:00 dest_mac=00:1a:8c:45:67:e0 l3_protocol=IP source_ip=192.168.0.150 dest_ip=192.168.60.98 l4_protocol=TCP source_port=61428 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-04 23:55:49 0102021 IP 192.168.0.150.61428 > 192.168.60.98.443 : proto TCP: R 2711431609:2711431609(0) checksum : 44067
    0x0000: 4500 0028 12b0 4000 8006 29d7 c0a8 0096 E..(..@...).....
    0x0010: c0a8 3c62 eff4 01bb a19d 29b9 902d f82f ..<b......)..-./
    0x0020: 5014 0000 ac23 0000 0000 0000 0000 P....#........
    Date=2017-05-04 Time=23:55:49 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=00:0f:fe:f0:4d:00 dest_mac=00:1a:8c:45:67:e0 l3_protocol=IP source_ip=192.168.0.150 dest_ip=192.168.60.98 l4_protocol=TCP source_port=61428 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

    2017-05-04 23:55:49 0102021 IP 192.168.0.150.61424 > 192.168.60.98.443 : proto TCP: F 1195343455:1195343455(0) win 32620 checksum : 35928
    0x0000: 4500 0028 12b1 4000 8006 29d6 c0a8 0096 E..(..@...).....
    0x0010: c0a8 3c62 eff0 01bb 473f 7e5f 8e72 a008 ..<b....G?~_.r..
    0x0020: 5011 7f6c 8c58 0000 0000 0000 0000 P..l.X........
    Date=2017-05-04 Time=23:55:49 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=0 outzone_id=0 source_mac=00:0f:fe:f0:4d:00 dest_mac=00:1a:8c:45:67:e0 l3_protocol=IP source_ip=192.168.0.150 dest_ip=192.168.60.98 l4_protocol=TCP source_port=61424 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

     

    IP 192.168.0.150 is the PC in LAN from which I was trying to access https://xd.datakom.lt. As I understand, it goes internally straight from LAN to DMZ.

     

    BR, 

    Rimas
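
The drop-packet-capture output posted in this thread has a fixed shape: a header line, a hex dump, then a `Date=... key=value` detail line. As an added example (not part of the original posts and not Sophos code), the following Python parses that shape and groups the drops by component, ingress port, destination port and TCP flag; the sample lines are constructed with documentation addresses, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed, abbreviated sample in the same layout as the capture output above.
SAMPLE = """\
2017-05-04 23:55:49 0102021 IP 192.0.2.10.61428 > 192.0.2.98.443 : proto TCP: F 100:100(0) win 32641 checksum : 11430
0x0000: 4500 0028 12af 4000 8006 29d8 c000 020a E..(..@...).....
Date=2017-05-04 Time=23:55:49 log_id=0102021 log_component=Invalid_Traffic log_subtype=Denied in_dev=Port1 out_dev= dest_port=443 connid=0
2017-05-04 23:55:49 0102021 IP 192.0.2.10.61428 > 192.0.2.98.443 : proto TCP: R 101:101(0) checksum : 44067
Date=2017-05-04 Time=23:55:49 log_id=0102021 log_component=Invalid_Traffic log_subtype=Denied in_dev=Port1 out_dev= dest_port=443 connid=0
2017-05-04 00:07:29 0103021 IP 198.51.100.7.50249 > 203.0.113.5.23 : proto TCP: S 200:200(0) win 54873 checksum : 18714
Date=2017-05-04 Time=00:07:29 log_id=0103021 log_component=Local_ACLs log_subtype=Denied in_dev=Port2 out_dev= dest_port=23 connid=12345
2017-05-04 00:07:51 0103021 IP 198.51.100.9.5108 > 203.0.113.5.5060 : proto UDP: packet len: 413 checksum : 19940
Date=2017-05-04 Time=00:07:51 log_id=0103021 log_component=Local_ACLs log_subtype=Denied in_dev=Port2 out_dev= dest_port=5060 connid=67890
"""

# Header line: timestamp, log id, "src.port > dst.port", protocol, optional TCP flag letters.
HEADER = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<log_id>\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+) : "
    r"proto (?P<proto>\w+):(?: (?P<flags>[A-Z]+)\b)?"
)


def parse_kv(line):
    """Split the 'Date=... key=value ...' detail line into a dict (empty values kept)."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def parse_capture(text):
    """Pair each header line with the detail line that follows its hex dump."""
    records, header = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            header = match.groupdict()
        elif line.startswith("Date="):
            # A detail line with no preceding header (truncated paste) is still kept.
            records.append({**header, **parse_kv(line)})
            header = {}
        # Hex dump lines (0x0000: ...) carry nothing needed for triage and are skipped.
    return records


def summarize(records):
    """Count drops per (component, ingress port, destination port, TCP flags)."""
    return Counter(
        (r.get("log_component"), r.get("in_dev"), r.get("dest_port"), r.get("flags"))
        for r in records
    )


def untracked(records):
    """Return the drops whose detail line carries connid=0."""
    return [r for r in records if r.get("connid") == "0"]


if __name__ == "__main__":
    for key, count in summarize(parse_capture(SAMPLE)).most_common():
        print(count, key)
```

Run against a full capture, the grouping separates LAN-side FIN/RST packets logged as `Invalid_Traffic` from WAN-side SYNs logged under `Local_ACLs`.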