This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG310 connectivity issues for users

We have a new XG implementation. My users are experiencing the following issue. They have several systems that they connect to and it is like remoting into a terminal services server. The firewall throws violation errors and then their connection will freeze. Eventually Windows will give them the not responding error message and will close the window. My users cannot function because the connection constantly stops responding. X.X.X.X is the IP address of the terminal server that they need to access. I.I.I.I is their internal IP. I have a rule that allows all traffic to this IP. Below is a packet capture showing what is happening.

Time	In Interface	Out Interface	Ethernet Type	Source IP	Destination IP	Packet Type	Ports[src,dst]	Rule ID	Status	Reason	Username	Web Filter ID	Application Filter ID	IPS Policy ID	Bandwidth Policy ID	Connection Status
2017-06-07 08:05:03	Port4	Port1	IPv4	X.X.X.X	I.I.I.I	TCP	443,53025	0	Violation	Firewall	-	No Policy	No Policy	No Policy	No Policy	ASSURED
2017-06-07 08:04:56	Port4	Port1	IPv4	X.X.X.X	I.I.I.I	TCP	443,53025	0	Violation	Firewall	-	No Policy	No Policy	No Policy	No Policy	ASSURED

2017-06-07 08:05:06

Port4

Port1

IPv4

X.X.X.X

I.I.I.I

TCP

443,53025

Violation

Firewall

No Policy

ASSURED

2017-06-07 08:05:03

Port4

Port1

IPv4

X.X.X.X

I.I.I.I

TCP

443,53025

Violation

Firewall

No Policy

ASSURED

2017-06-07 08:04:56

Port4

Port1

IPv4

X.X.X.X

I.I.I.I

TCP

443,53025

Violation

Firewall

No Policy

ASSURED

2017-06-07 08:06:33

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Violation

INVALID_TRAFFIC

No Policy

UNREPLIED

2017-06-07 08:06:33

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Incoming

No Policy

UNREPLIED

2017-06-07 08:06:29

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Violation

INVALID_TRAFFIC

No Policy

UNREPLIED

2017-06-07 08:06:29

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Incoming

No Policy

UNREPLIED

2017-06-07 08:06:28

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Violation

INVALID_TRAFFIC

No Policy

UNREPLIED

2017-06-07 08:06:28

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Incoming

No Policy

UNREPLIED

2017-06-07 08:06:26

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Violation

INVALID_TRAFFIC

No Policy

UNREPLIED

2017-06-07 08:06:26

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Incoming

No Policy

UNREPLIED

2017-06-07 08:06:25

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Violation

INVALID_TRAFFIC

No Policy

UNREPLIED

2017-06-07 08:06:25

Port1

IPv4

I.I.I.I

X.X.X.X

TCP

53022,443

Incoming

No Policy

UNREPLIED

I have logged several tickets with support and have not gotten it fixed yet. I set this up with the help of two separate Sophos Engineers, because I have no experience with Sophos.

My users are understandably ready to throw IT out the window as well as the XG.

Any thoughts on how to resolve this?

This thread was automatically locked due to age.

0 sachingurung over 8 years ago

Hi April,

Please share the case# so that I can personally look into it. I would recommend you to check #1 in my troubleshooting guide and show me the results of drop-packet-capture. Also, show me an inside picture of the fw-rule configuration which forwards/drops the affected traffic.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 April Beachy over 8 years ago in reply to sachingurung

Case # 7257015

Results of packet capture below and firewall rule:

console> drop-packet-capture 'host X.X.X.X'
2017-06-07 10:22:49 0101021 IP X.X.X.X.443 > I.I.I.I.54134 : proto T
CP: P 2336642156:2336642209(53) win 258 checksum : 40457
0x0000:  4500 005d 413f 4000 6e06 6f3c ae81 f74c  E..]A?@.n.o<...L
0x0010:  ac10 0a41 01bb d376 8b46 546c 4eaf 06d7  ...A...v.FTlN...
0x0020:  5018 0102 9e09 0000 1703 0100 3052 01cb  P...........0R..
0x0030:  6f50 1e2f 2844 1971 5ca8 5d0f 5d36 0eab  oP./(D.q\.].]6..
0x0040:  390b c512 6edb d8e0 e2c7 3896 9f84 8de4  9...n.....8.....
0x0050:  947c 4d6c 8362 5843 9a62 3080 54         .|Ml.bXC.b0.T
Date=2017-06-07 Time=10:22:49 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
10.65 l4_protocol=TCP source_port=443 dest_port=54134 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=100 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=518522912 m
asterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_byt
es=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:22:49 0101021 IP I.I.I.I.54131 > X.X.X.X.443 : proto T
CP: P 2375409171:2375409261(90) win 4065 checksum : 58703
0x0000:  4500 0082 029d 4000 7f06 9cb9 ac10 0a41  E.....@........A
0x0010:  ae81 f74c d373 01bb 8d95 de13 23c9 0e62  ...L.s......#..b
0x0020:  5018 0fe1 e54f 0000 1703 0100 206c 52e7  P....O.......lR.
0x0030:  3e95 c33d 8cda c4fd de21 9d59 6796 7606  >..=.....!.Yg.v.
0x0040:  a5b0 debe 78e0 f565 c08e c31d e317 0301  ....x..e........
0x0050:  0030 ecd3 7b66 3b17 833e c96d faac 2307  .0..{f;..>.m..#.
0x0060:  7dad 62f1 7a23 76c3 0d4b 11fb e40d 427b  }.b.z#v..K....B{
0x0070:  614d 9f0b dd4d f0a8 e5e3 6883 0401 538f  aM...M....h...S.
0x0080:  bd0a                                     ..
Date=2017-06-07 Time=10:22:49 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port1 out_dev=Port5 inzone_id=1 outzone_id=2 source_mac=64:00:6a:76:5c:80 de
st_mac=00:e0:20:11:0a:34 l3_protocol=IP source_ip=I.I.10.65 dest_ip=174.129.2
47.76 l4_protocol=TCP source_port=54131 dest_port=443 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=1519330944
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:22:50 0101021 IP X.X.X.X.443 > I.I.10.65.54134 : proto T
CP: P 2336642156:2336642209(53) win 258 checksum : 40457
0x0000:  4500 005d 41bc 4000 6e06 6ebf ae81 f74c  E..]A.@.n.n....L
0x0010:  ac10 0a41 01bb d376 8b46 546c 4eaf 06d7  ...A...v.FTlN...
0x0020:  5018 0102 9e09 0000 1703 0100 3052 01cb  P...........0R..
0x0030:  6f50 1e2f 2844 1971 5ca8 5d0f 5d36 0eab  oP./(D.q\.].]6..
0x0040:  390b c512 6edb d8e0 e2c7 3896 9f84 8de4  9...n.....8.....
0x0050:  947c 4d6c 8362 5843 9a62 3080 54         .|Ml.bXC.b0.T
Date=2017-06-07 Time=10:22:50 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
10.65 l4_protocol=TCP source_port=443 dest_port=54134 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=100 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=518522912 m
asterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_byt
es=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:22:50 0101021 IP X.X.X.X.443 > I.I.10.65.54134 : proto T
CP: P 2336642156:2336642209(53) win 258 checksum : 40457
0x0000:  4500 005d 4293 4000 6e06 6de8 ae81 f74c  E..]B.@.n.m....L
0x0010:  ac10 0a41 01bb d376 8b46 546c 4eaf 06d7  ...A...v.FTlN...
0x0020:  5018 0102 9e09 0000 1703 0100 3052 01cb  P...........0R..
0x0030:  6f50 1e2f 2844 1971 5ca8 5d0f 5d36 0eab  oP./(D.q\.].]6..
0x0040:  390b c512 6edb d8e0 e2c7 3896 9f84 8de4  9...n.....8.....
0x0050:  947c 4d6c 8362 5843 9a62 3080 54         .|Ml.bXC.b0.T
Date=2017-06-07 Time=10:22:50 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
10.65 l4_protocol=TCP source_port=443 dest_port=54134 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=100 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=518522912 m
asterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_byt
es=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:22:52 0101021 IP X.X.X.X.443 > I.I.10.65.54134 : proto T
CP: P 2336642156:2336642209(53) win 258 checksum : 40457
0x0000:  4500 005d 4452 4000 6e06 6c29 ae81 f74c  E..]DR@.n.l)...L
0x0010:  ac10 0a41 01bb d376 8b46 546c 4eaf 06d7  ...A...v.FTlN...
0x0020:  5018 0102 9e09 0000 1703 0100 3052 01cb  P...........0R..
0x0030:  6f50 1e2f 2844 1971 5ca8 5d0f 5d36 0eab  oP./(D.q\.].]6..
0x0040:  390b c512 6edb d8e0 e2c7 3896 9f84 8de4  9...n.....8.....
0x0050:  947c 4d6c 8362 5843 9a62 3080 54         .|Ml.bXC.b0.T
Date=2017-06-07 Time=10:22:52 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
10.65 l4_protocol=TCP source_port=443 dest_port=54134 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=100 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=518522912 m
asterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_byt
es=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:22:55 0101021 IP X.X.X.X.443 > I.I.10.65.54134 : proto T
CP: P 2336642156:2336642209(53) win 258 checksum : 40457
0x0000:  4500 005d 476a 4000 6e06 6911 ae81 f74c  E..]Gj@.n.i....L
0x0010:  ac10 0a41 01bb d376 8b46 546c 4eaf 06d7  ...A...v.FTlN...
0x0020:  5018 0102 9e09 0000 1703 0100 3052 01cb  P...........0R..
0x0030:  6f50 1e2f 2844 1971 5ca8 5d0f 5d36 0eab  oP./(D.q\.].]6..
0x0040:  390b c512 6edb d8e0 e2c7 3896 9f84 8de4  9...n.....8.....
0x0050:  947c 4d6c 8362 5843 9a62 3080 54         .|Ml.bXC.b0.T
Date=2017-06-07 Time=10:22:55 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
10.65 l4_protocol=TCP source_port=443 dest_port=54134 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=100 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=518522912 m
asterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_byt
es=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:01 0101021 IP X.X.X.X.443 > I.I.10.65.54134 : proto T
CP: P 2336642156:2336642209(53) win 258 checksum : 40457
0x0000:  4500 005d 4dd6 4000 6e06 62a5 ae81 f74c  E..]M.@.n.b....L
0x0010:  ac10 0a41 01bb d376 8b46 546c 4eaf 06d7  ...A...v.FTlN...
0x0020:  5018 0102 9e09 0000 1703 0100 3052 01cb  P...........0R..
0x0030:  6f50 1e2f 2844 1971 5ca8 5d0f 5d36 0eab  oP./(D.q\.].]6..
0x0040:  390b c512 6edb d8e0 e2c7 3896 9f84 8de4  9...n.....8.....
0x0050:  947c 4d6c 8362 5843 9a62 3080 54         .|Ml.bXC.b0.T
Date=2017-06-07 Time=10:23:01 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
10.65 l4_protocol=TCP source_port=443 dest_port=54134 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=100 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=518522912 m
asterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_byt
es=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:05 0101021 IP I.I.11.47.62818 > X.X.X.X.443 : proto T
CP:  3892169251:3892169251(0) ack 3551775772 win 257 checksum : 2230
0x0000:  4500 0028 69a9 0000 7f06 7519 ac10 0b2f  E..(i.....u..../
0x0010:  ae81 f74c f562 01bb e7fd ca23 d3b3 cc1c  ...L.b.....#....
0x0020:  5010 0101 08b6 0000                      P.......
Date=2017-06-07 Time=10:23:05 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port1 out_dev=Port5 inzone_id=1 outzone_id=2 source_mac=c8:d3:ff:e7:6a:08 de
st_mac=00:e0:20:11:0a:34 l3_protocol=IP source_ip=I.I.11.47 dest_ip=174.129.2
47.76 l4_protocol=TCP source_port=62818 dest_port=443 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:05 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551775772:3551776017(245) win 258 checksum : 16937
0x0000:  4500 011d 5405 4000 6e06 5ac8 ae81 f74c  E...T.@.n.Z....L
0x0010:  ac10 0b2f 01bb f562 d3b3 cc1c e7fd ca23  .../...b.......#
0x0020:  5018 0102 4229 0000 1703 0300 f00d 96ad  P...B)..........
0x0030:  1a9b 793b c854 04f5 a9db b4c2 b67a 39cd  ..y;.T.......z9.
0x0040:  54e8 e017 0e12 334e d8f9 70fb 98c6 79bf  T.....3N..p...y.
0x0050:  046d 72a6 e337 3145 b429 4635 95c1 bce4  .mr..71E.)F5....
0x0060:  1c35 18b5 ea52 5caf 0f0a a7c0 1ea0 d683  .5...R\.........
0x0070:  af36 7d0b 3c77 0065 3d74 3be9 fbea 4a60  .6}.<w.e=t;...J`
0x0080:  97c1 302d 5d46 3c27 5ede 1e8d 8331 7b61  ..0-]F<'^....1{a
0x0090:  cd23 66c5 bec7 df64 f5aa a190 315f 7d88  .#f....d....1_}.
0x00a0:  17d9 ca1a 6304 67b9 16cc 0d47 0e08 544b  ....c.g....G..TK
0x00b0:  9662 2c61 3e94 eb48 67b3 ce06 41fc 9af3  .b,a>..Hg...A...
0x00c0:  6252 9ca3 38dd abd1 eee3 5b3d 6aa4 2546  bR..8.....[=j.%F
0x00d0:  f085 d526 ab7b 66df 8f9c 4c0b 34c6 fcd5  ...&.{f...L.4...
0x00e0:  56fb 094a 0661 487c 9c92 dcbd 2639 f6a7  V..J.aH|....&9..
0x00f0:  5674 157c 5c99 a48d 2113 4ac8 d8a4 6579  Vt.|\...!.J...ey
0x0100:  d5d6 5639 1764 2617 2da5 de94 5760 8c82  ..V9.d&.-...W`..
0x0110:  7a32 1fa8 f0e2 350c 1a11 cdd8 50         z2....5.....P
Date=2017-06-07 Time=10:23:05 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:05 0101021 IP X.X.X.X.443 > I.I.11.47.62816 : proto T
CP:  361434446:361434446(0) ack 2832268389 win 256 checksum : 37531
0x0000:  4500 0028 5420 4000 6f06 5aa2 ae81 f74c  E..(T.@.o.Z....L
0x0010:  ac10 0b2f 01bb f560 158b 0d4e a8d0 fc65  .../...`...N...e
0x0020:  5010 0100 929b 0000                      P.......
Date=2017-06-07 Time=10:23:05 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port4 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=b0:a8:6e:91:96:55 de
st_mac=00:e0:20:15:0f:89 l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62816 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=102 scanflags=0
gateway_offset=2 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=2235308544
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:05 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551776017:3551776262(245) win 258 checksum : 25785
0x0000:  4500 011d 5435 4000 6e06 5a98 ae81 f74c  E...T5@.n.Z....L
0x0010:  ac10 0b2f 01bb f562 d3b3 cd11 e7fd ca23  .../...b.......#
0x0020:  5018 0102 64b9 0000 1703 0300 f08c 7c1e  P...d.........|.
0x0030:  0e58 65ac 9ef0 ffa0 5e1a 2929 ea08 047c  .Xe.....^.))...|
0x0040:  9bb5 b45d ac28 5f9e 7825 1cb9 0495 7ed8  ...].(_.x%....~.
0x0050:  a6b8 6b50 fe1c 0f8e 4db1 3260 9483 474d  ..kP....M.2`..GM
0x0060:  21b1 bbb1 a846 2f7e adac ca94 4d71 81c4  !....F/~....Mq..
0x0070:  9ce6 2255 3dd0 8dc2 e0d7 7597 6f7b 0323  .."U=.....u.o{.#
0x0080:  8a22 4c61 69cb 6c36 c24f 1098 2692 a591  ."Lai.l6.O..&...
0x0090:  dca3 6e5e 9332 f3db a7af f19a 0d2a e714  ..n^.2.......*..
0x00a0:  10c6 a9cf 2fea d818 f1b6 ebe2 782f 0651  ..../.......x/.Q
0x00b0:  b86b d7d8 a31c b2b0 b2a4 0be2 8d7e 54fd  .k...........~T.
0x00c0:  e56a 6409 6cbe e347 a62f 2ba0 7d4e a656  .jd.l..G./+.}N.V
0x00d0:  ea49 a5d0 d22f 7356 0acf 89bd df02 e8b6  .I.../sV........
0x00e0:  3df6 7f96 ce1f fcdc 90e0 2cba 174d f1d2  =.........,..M..
0x00f0:  7a49 9332 f4c6 e800 34d8 0f45 e647 9f01  zI.2....4..E.G..
0x0100:  6951 02c6 007c dc67 8358 eb42 b05f d7e1  iQ...|.g.X.B._..
0x0110:  24d4 f350 e2d8 399e 977f 0317 2f         $..P..9...../
Date=2017-06-07 Time=10:23:05 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:05 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551775527:3551776262(735) win 258 checksum : 52968
0x0000:  4500 0307 5443 4000 6e06 58a0 ae81 f74c  E...TC@.n.X....L
0x0010:  ac10 0b2f 01bb f562 d3b3 cb27 e7fd ca23  .../...b...'...#
0x0020:  5018 0102 cee8 0000 1703 0300 f0ce aedc  P...............
0x0030:  d03e 43e2 818d ade9 4dbd a072 a5ca 482f  .>C.....M..r..H/
0x0040:  dcbb 5d16 9c61 441f 372e d624 13ee 89ef  ..]..aD.7..$....
0x0050:  1cd4 1b4b cef6 4c22 7813 4048 336e 6a92  ...K..L"x.@H3nj.
0x0060:  d2d7 112e f901 b996 dc7e 4f2f c8fe 39e5  .........~O/..9.
0x0070:  db76 e032 17c7 bd58 0824 aa9d 30d8 a660  .v.2...X.$..0..`
0x0080:  97a7 67ef 7599 ae62 cf54 3b5e 516e 6691  ..g.u..b.T;^Qnf.
0x0090:  0f25 b147 8daa 67f3 b108 fa92 4a51 bdcd  .%.G..g.....JQ..
0x00a0:  4a87 779f 71f1 eddb d796 386e c570 9103  J.w.q.....8n.p..
0x00b0:  86f2 3e0f 84d0 179b c795 3584 f646 61eb  ..>.......5..Fa.
0x00c0:  1e30 1266 c624 ce2f cd27 1f8a 68d3 8393  .0.f.$./.'..h...
0x00d0:  4cf5 a746 7afe b8c3 f43c c9e9 44fc 829e  L..Fz....<..D...
0x00e0:  c04b dc4f 5312 fe56 7517 bd0f 2dc6 e19f  .K.OS..Vu...-...
0x00f0:  0865 5616 fb76 79c9 088a bbc2 fbbb 1685  .eV..vy.........
0x0100:  4f04 862f 0de8 a145 6979 e8c6 284a 2021  O../...Eiy..(J.!
0x0110:  11d3 e978 86a4 6ae9 c37b 8d57 cd17 0303  ...x..j..{.W....
0x0120:  00f0 0d96 ad1a 9b79 3bc8 5404 f5a9 dbb4  .......y;.T.....
0x0130:  c2b6 7a39 cd54 e8e0 170e 1233 4ed8 f970  ..z9.T.....3N..p
0x0140:  fb98 c679 bf04 6d72 a6e3 3731 45b4 2946  ...y..mr..71E.)F
0x0150:  3595 c1bc e41c 3518 b5ea 525c af0f 0aa7  5.....5...R\....
0x0160:  c01e a0d6 83af 367d 0b3c 7700 653d 743b  ......6}.<w.e=t;
0x0170:  e9fb ea4a 6097 c130 2d5d 463c 275e de1e  ...J`..0-]F<'^..
0x0180:  8d83 317b 61cd 2366 c5be c7df 64f5 aaa1  ..1{a.#f....d...
0x0190:  9031 5f7d 8817 d9ca 1a63 0467 b916 cc0d  .1_}.....c.g....
0x01a0:  470e 0854 4b96 622c 613e 94eb 4867 b3ce  G..TK.b,a>..Hg..
0x01b0:  0641 fc9a f362 529c a338 ddab d1ee e35b  .A...bR..8.....[
0x01c0:  3d6a a425 46f0 85d5 26ab 7b66 df8f 9c4c  =j.%F...&.{f...L
0x01d0:  0b34 c6fc d556 fb09 4a06 6148 7c9c 92dc  .4...V..J.aH|...
0x01e0:  bd26 39f6 a756 7415 7c5c 99a4 8d21 134a  .&9..Vt.|\...!.J
0x01f0:  c8d8 a465 79d5 d656 3917 6426 172d a5de  ...ey..V9.d&.-..
0x0200:  9457 608c 827a 321f a8f0 e235 0c1a 11cd  .W`..z2....5....
0x0210:  d850 1703 0300 f08c 7c1e 0e58 65ac 9ef0  .P......|..Xe...
0x0220:  ffa0 5e1a 2929 ea08 047c 9bb5 b45d ac28  ..^.))...|...].(
0x0230:  5f9e 7825 1cb9 0495 7ed8 a6b8 6b50 fe1c  _.x%....~...kP..
0x0240:  0f8e 4db1 3260 9483 474d 21b1 bbb1 a846  ..M.2`..GM!....F
0x0250:  2f7e adac ca94 4d71 81c4 9ce6 2255 3dd0  /~....Mq...."U=.
0x0260:  8dc2 e0d7 7597 6f7b 0323 8a22 4c61 69cb  ....u.o{.#."Lai.
0x0270:  6c36 c24f 1098 2692 a591 dca3 6e5e 9332  l6.O..&.....n^.2
0x0280:  f3db a7af f19a 0d2a e714 10c6 a9cf 2fea  .......*....../.
0x0290:  d818 f1b6 ebe2 782f 0651 b86b d7d8 a31c  ......x/.Q.k....
0x02a0:  b2b0 b2a4 0be2 8d7e 54fd e56a 6409 6cbe  .......~T..jd.l.
0x02b0:  e347 a62f 2ba0 7d4e a656 ea49 a5d0 d22f  .G./+.}N.V.I.../
0x02c0:  7356 0acf 89bd df02 e8b6 3df6 7f96 ce1f  sV........=.....
0x02d0:  fcdc 90e0 2cba 174d f1d2 7a49 9332 f4c6  ....,..M..zI.2..
0x02e0:  e800 34d8 0f45 e647 9f01 6951 02c6 007c  ..4..E.G..iQ...|
0x02f0:  dc67 8358 eb42 b05f d7e1 24d4 f350 e2d8  .g.X.B._..$..P..
0x0300:  399e 977f 0317 2f                        9...../
Date=2017-06-07 Time=10:23:05 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:05 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551776262:3551776507(245) win 258 checksum : 20896
0x0000:  4500 011d 5458 4000 6e06 5a75 ae81 f74c  E...TX@.n.Zu...L
0x0010:  ac10 0b2f 01bb f562 d3b3 ce06 e7fd ca23  .../...b.......#
0x0020:  5018 0102 51a0 0000 1703 0300 f0d4 8bc3  P...Q...........
0x0030:  45c1 1cda fa7d 5c67 980c 60e4 d846 80d4  E....}\g..`..F..
0x0040:  0337 d6ac 4a53 ad5c 7f43 c348 93d3 fca6  .7..JS.\.C.H....
0x0050:  b166 db00 38e6 e554 0d55 de1c 90fa e236  .f..8..T.U.....6
0x0060:  5a0f 5dee 1fc0 4c69 30c7 0b78 37ff f2ca  Z.]...Li0..x7...
0x0070:  216f 1b96 aff0 2557 fb70 bef9 0420 b035  !o....%W.p.....5
0x0080:  fcbf 3c23 c05f db48 6479 72b9 ef55 ee3f  ..<#._.Hdyr..U.?
0x0090:  48d2 7537 9077 433d 1258 8cd9 b3bd 81a7  H.u7.wC=.X......
0x00a0:  48da 2d28 e039 4302 f870 8f0f 6f97 1746  H.-(.9C..p..o..F
0x00b0:  32e9 9aa8 6406 f673 3c27 cc2a 8559 1985  2...d..s<'.*.Y..
0x00c0:  1e94 ddad f789 6448 8f9d 7f71 7764 e9af  ......dH...qwd..
0x00d0:  a140 63e1 21ee 825f 1271 e2b6 87ff 8f09  .@c.!.._.q......
0x00e0:  c159 dd38 2395 3894 af76 0618 a5ea 4661  .Y.8#.8..v....Fa
0x00f0:  d412 f987 e64f 783d 6074 6ae8 06b4 44a1  .....Ox=`tj...D.
0x0100:  610d 3ae7 9509 7a87 97cc 8f65 a89c 3f76  a.:...z....e..?v
0x0110:  8b58 5e23 0b37 0e7c c1e5 3f39 d5         .X^#.7.|..?9.
Date=2017-06-07 Time=10:23:05 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:05 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551776507:3551776656(149) win 258 checksum : 63619
0x0000:  4500 00bd 545d 4000 6e06 5ad0 ae81 f74c  E...T]@.n.Z....L
0x0010:  ac10 0b2f 01bb f562 d3b3 cefb e7fd ca23  .../...b.......#
0x0020:  5018 0102 f883 0000 1703 0300 9052 c796  P............R..
0x0030:  f699 f9e4 2cf6 b6ae 9b97 0e93 df88 c241  ....,..........A
0x0040:  7fa8 6b2a f491 83ec 74b7 675c 343e 1c24  ..k*....t.g\4>.$
0x0050:  e127 64c9 5922 eec5 08f1 703c 14ab 1e7d  .'d.Y"....p<...}
0x0060:  ef76 441e 9596 5079 d60b aaf0 9950 6027  .vD...Py.....P`'
0x0070:  4f2d f718 4578 0e8d 2d22 d590 2f4d bb04  O-..Ex..-"../M..
0x0080:  611e e859 fe66 ae41 aa43 50ea 8532 7ba0  a..Y.f.A.CP..2{.
0x0090:  2b18 bd6d fa87 9439 457f f1b8 21fa 14de  +..m...9E...!...
0x00a0:  5d38 d364 b549 feba 0e4d 6113 2ba9 4120  ]8.d.I...Ma.+.A.
0x00b0:  926f f124 b27a 096a ad6a 1324 fd         .o.$.z.j.j.$.
Date=2017-06-07 Time=10:23:05 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:05 0101021 IP X.X.X.X.443 > I.I.10.65.54134 : proto T
CP: R 2336642209:2336642209(0) checksum : 18705
0x0000:  4500 0028 547c 4000 6e06 5c34 ae81 f74c  E..(T|@.n.\4...L
0x0010:  ac10 0a41 01bb d376 8b46 54a1 4eaf 06d7  ...A...v.FT.N...
0x0020:  5014 0000 4911 0000                      P...I...
Date=2017-06-07 Time=10:23:05 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
10.65 l4_protocol=TCP source_port=443 dest_port=54134 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=100 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=518522912 m
asterid=0 status=414 state=8 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_byt
es=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:06 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551775527:3551776967(1440) win 258 checksum : 59837
0x0000:  4500 05c8 54ea 4000 6e06 5538 ae81 f74c  E...T.@.n.U8...L
0x0010:  ac10 0b2f 01bb f562 d3b3 cb27 e7fd ca23  .../...b...'...#
0x0020:  5018 0102 e9bd 0000 1703 0300 f0ce aedc  P...............
0x0030:  d03e 43e2 818d ade9 4dbd a072 a5ca 482f  .>C.....M..r..H/
0x0040:  dcbb 5d16 9c61 441f 372e d624 13ee 89ef  ..]..aD.7..$....
0x0050:  1cd4 1b4b cef6 4c22 7813 4048 336e 6a92  ...K..L"x.@H3nj.
0x0060:  d2d7 112e f901 b996 dc7e 4f2f c8fe 39e5  .........~O/..9.
0x0070:  db76 e032 17c7 bd58 0824 aa9d 30d8 a660  .v.2...X.$..0..`
0x0080:  97a7 67ef 7599 ae62 cf54 3b5e 516e 6691  ..g.u..b.T;^Qnf.
0x0090:  0f25 b147 8daa 67f3 b108 fa92 4a51 bdcd  .%.G..g.....JQ..
0x00a0:  4a87 779f 71f1 eddb d796 386e c570 9103  J.w.q.....8n.p..
0x00b0:  86f2 3e0f 84d0 179b c795 3584 f646 61eb  ..>.......5..Fa.
0x00c0:  1e30 1266 c624 ce2f cd27 1f8a 68d3 8393  .0.f.$./.'..h...
0x00d0:  4cf5 a746 7afe b8c3 f43c c9e9 44fc 829e  L..Fz....<..D...
0x00e0:  c04b dc4f 5312 fe56 7517 bd0f 2dc6 e19f  .K.OS..Vu...-...
0x00f0:  0865 5616 fb76 79c9 088a bbc2 fbbb 1685  .eV..vy.........
0x0100:  4f04 862f 0de8 a145 6979 e8c6 284a 2021  O../...Eiy..(J.!
0x0110:  11d3 e978 86a4 6ae9 c37b 8d57 cd17 0303  ...x..j..{.W....
0x0120:  00f0 0d96 ad1a 9b79 3bc8 5404 f5a9 dbb4  .......y;.T.....
0x0130:  c2b6 7a39 cd54 e8e0 170e 1233 4ed8 f970  ..z9.T.....3N..p
0x0140:  fb98 c679 bf04 6d72 a6e3 3731 45b4 2946  ...y..mr..71E.)F
0x0150:  3595 c1bc e41c 3518 b5ea 525c af0f 0aa7  5.....5...R\....
0x0160:  c01e a0d6 83af 367d 0b3c 7700 653d 743b  ......6}.<w.e=t;
0x0170:  e9fb ea4a 6097 c130 2d5d 463c 275e de1e  ...J`..0-]F<'^..
0x0180:  8d83 317b 61cd 2366 c5be c7df 64f5 aaa1  ..1{a.#f....d...
0x0190:  9031 5f7d 8817 d9ca 1a63 0467 b916 cc0d  .1_}.....c.g....
0x01a0:  470e 0854 4b96 622c 613e 94eb 4867 b3ce  G..TK.b,a>..Hg..
0x01b0:  0641 fc9a f362 529c a338 ddab d1ee e35b  .A...bR..8.....[
0x01c0:  3d6a a425 46f0 85d5 26ab 7b66 df8f 9c4c  =j.%F...&.{f...L
0x01d0:  0b34 c6fc d556 fb09 4a06 6148 7c9c 92dc  .4...V..J.aH|...
0x01e0:  bd26 39f6 a756 7415 7c5c 99a4 8d21 134a  .&9..Vt.|\...!.J
0x01f0:  c8d8 a465 79d5 d656 3917 6426 172d a5de  ...ey..V9.d&.-..
0x0200:  9457 608c 827a 321f a8f0 e235 0c1a 11cd  .W`..z2....5....
0x0210:  d850 1703 0300 f08c 7c1e 0e58 65ac 9ef0  .P......|..Xe...
0x0220:  ffa0 5e1a 2929 ea08 047c 9bb5 b45d ac28  ..^.))...|...].(
0x0230:  5f9e 7825 1cb9 0495 7ed8 a6b8 6b50 fe1c  _.x%....~...kP..
0x0240:  0f8e 4db1 3260 9483 474d 21b1 bbb1 a846  ..M.2`..GM!....F
0x0250:  2f7e adac ca94 4d71 81c4 9ce6 2255 3dd0  /~....Mq...."U=.
0x0260:  8dc2 e0d7 7597 6f7b 0323 8a22 4c61 69cb  ....u.o{.#."Lai.
0x0270:  6c36 c24f 1098 2692 a591 dca3 6e5e 9332  l6.O..&.....n^.2
0x0280:  f3db a7af f19a 0d2a e714 10c6 a9cf 2fea  .......*....../.
0x0290:  d818 f1b6 ebe2 782f 0651 b86b d7d8 a31c  ......x/.Q.k....
0x02a0:  b2b0 b2a4 0be2 8d7e 54fd e56a 6409 6cbe  .......~T..jd.l.
0x02b0:  e347 a62f 2ba0 7d4e a656 ea49 a5d0 d22f  .G./+.}N.V.I.../
0x02c0:  7356 0acf 89bd df02 e8b6 3df6 7f96 ce1f  sV........=.....
0x02d0:  fcdc 90e0 2cba 174d f1d2 7a49 9332 f4c6  ....,..M..zI.2..
0x02e0:  e800 34d8 0f45 e647 9f01 6951 02c6 007c  ..4..E.G..iQ...|
0x02f0:  dc67 8358 eb42 b05f d7e1 24d4 f350 e2d8  .g.X.B._..$..P..
0x0300:  399e 977f 0317 2f17 0303 00f0 d48b c345  9...../........E
0x0310:  c11c dafa 7d5c 6798 0c60 e4d8 4680 d403  ....}\g..`..F...
0x0320:  37d6 ac4a 53ad 5c7f 43c3 4893 d3fc a6b1  7..JS.\.C.H.....
0x0330:  66db 0038 e6e5 540d 55de 1c90 fae2 365a  f..8..T.U.....6Z
0x0340:  0f5d ee1f c04c 6930 c70b 7837 fff2 ca21  .]...Li0..x7...!
0x0350:  6f1b 96af f025 57fb 70be f904 20b0 35fc  o....%W.p.....5.
0x0360:  bf3c 23c0 5fdb 4864 7972 b9ef 55ee 3f48  .<#._.Hdyr..U.?H
0x0370:  d275 3790 7743 3d12 588c d9b3 bd81 a748  .u7.wC=.X......H
0x0380:  da2d 28e0 3943 02f8 708f 0f6f 9717 4632  .-(.9C..p..o..F2
0x0390:  e99a a864 06f6 733c 27cc 2a85 5919 851e  ...d..s<'.*.Y...
0x03a0:  94dd adf7 8964 488f 9d7f 7177 64e9 afa1  .....dH...qwd...
0x03b0:  4063 e121 ee82 5f12 71e2 b687 ff8f 09c1  @c.!.._.q.......
0x03c0:  59dd 3823 9538 94af 7606 18a5 ea46 61d4  Y.8#.8..v....Fa.
0x03d0:  12f9 87e6 4f78 3d60 746a e806 b444 a161  ....Ox=`tj...D.a
0x03e0:  0d3a e795 097a 8797 cc8f 65a8 9c3f 768b  .:...z....e..?v.
0x03f0:  585e 230b 370e 7cc1 e53f 39d5 1703 0300  X^#.7.|..?9.....
0x0400:  9052 c796 f699 f9e4 2cf6 b6ae 9b97 0e93  .R......,.......
0x0410:  df88 c241 7fa8 6b2a f491 83ec 74b7 675c  ...A..k*....t.g\
0x0420:  343e 1c24 e127 64c9 5922 eec5 08f1 703c  4>.$.'d.Y"....p<
0x0430:  14ab 1e7d ef76 441e 9596 5079 d60b aaf0  ...}.vD...Py....
0x0440:  9950 6027 4f2d f718 4578 0e8d 2d22 d590  .P`'O-..Ex..-"..
0x0450:  2f4d bb04 611e e859 fe66 ae41 aa43 50ea  /M..a..Y.f.A.CP.
0x0460:  8532 7ba0 2b18 bd6d fa87 9439 457f f1b8  .2{.+..m...9E...
0x0470:  21fa 14de 5d38 d364 b549 feba 0e4d 6113  !...]8.d.I...Ma.
0x0480:  2ba9 4120 926f f124 b27a 096a ad6a 1324  +.A..o.$.z.j.j.$
0x0490:  fd17 0303 0730 a6ae 4a0f 8567 a1b2 3ee9  .....0..J..g..>.
0x04a0:  6e7e 12d4 d6c3 f561 5399 7f87 d02d 51d2  n~.....aS....-Q.
0x04b0:  b8cd ce98 27ac 9748 3459 505b c0af 3352  ....'..H4YP[..3R
0x04c0:  4d4b 131e 4bb4 0ee6 d00d 8263 b6dc bd7c  MK..K......c...|
0x04d0:  b88c 3400 963e e561 5004 5953 fa08 093e  ..4..>.aP.YS...>
0x04e0:  6fa6 a907 b70e dad4 2775 c458 0cdc fba7  o.......'u.X....
0x04f0:  9e46 c898 0dfc 1651 4bf0 936f cd42 4904  .F.....QK..o.BI.
0x0500:  4327 2176 d05c 3ae4 801a 1773 4f5d a454  C'!v.\:....sO].T
0x0510:  8225 5484 042c 638d d1aa 9f92 03cf 5540  .%T..,c.......U@
0x0520:  17f5 35d4 306b 8632 7e9a ab57 c4e5 0fbe  ..5.0k.2~..W....
0x0530:  50b3 8fd9 84d6 ff2e ecb2 2dd1 4858 df89  P.........-.HX..
0x0540:  f8d4 87bf 1650 e5b8 46cc 60d5 3602 90bd  .....P..F.`.6...
0x0550:  6e90 9068 d50f fa10 6c52 83df 181b 55d7  n..h....lR....U.
0x0560:  0d35 601b c3cc 1796 762a 7bcd b732 4b2a  .5`.....v*{..2K*
0x0570:  5fb5 b85b 6137 dfae 22c3 9496 3748 ca6e  _..[a7.."...7H.n
0x0580:  fb92 c6df dd41 341a 3ae3 d17a 0089 36e7  .....A4.:..z..6.
0x0590:  fda6 473e 59ae 6cdf 28b9 8c37 db2c 0690  ..G>Y.l.(..7.,..
0x05a0:  6166 3025 d3ba d3a8 50c9 8254 c6a3 50bd  af0%....P..T..P.
0x05b0:  51cd b2a0 3041 b077 11a3 46d1 fa0e 9c48  Q...0A.w..F....H
0x05c0:  73eb ae63 63ef 438a                      s..cc.C.
Date=2017-06-07 Time=10:23:06 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:07 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551775527:3551776967(1440) win 258 checksum : 59837
0x0000:  4500 05c8 5602 4000 6e06 5420 ae81 f74c  E...V.@.n.T....L
0x0010:  ac10 0b2f 01bb f562 d3b3 cb27 e7fd ca23  .../...b...'...#
0x0020:  5018 0102 e9bd 0000 1703 0300 f0ce aedc  P...............
0x0030:  d03e 43e2 818d ade9 4dbd a072 a5ca 482f  .>C.....M..r..H/
0x0040:  dcbb 5d16 9c61 441f 372e d624 13ee 89ef  ..]..aD.7..$....
0x0050:  1cd4 1b4b cef6 4c22 7813 4048 336e 6a92  ...K..L"x.@H3nj.
0x0060:  d2d7 112e f901 b996 dc7e 4f2f c8fe 39e5  .........~O/..9.
0x0070:  db76 e032 17c7 bd58 0824 aa9d 30d8 a660  .v.2...X.$..0..`
0x0080:  97a7 67ef 7599 ae62 cf54 3b5e 516e 6691  ..g.u..b.T;^Qnf.
0x0090:  0f25 b147 8daa 67f3 b108 fa92 4a51 bdcd  .%.G..g.....JQ..
0x00a0:  4a87 779f 71f1 eddb d796 386e c570 9103  J.w.q.....8n.p..
0x00b0:  86f2 3e0f 84d0 179b c795 3584 f646 61eb  ..>.......5..Fa.
0x00c0:  1e30 1266 c624 ce2f cd27 1f8a 68d3 8393  .0.f.$./.'..h...
0x00d0:  4cf5 a746 7afe b8c3 f43c c9e9 44fc 829e  L..Fz....<..D...
0x00e0:  c04b dc4f 5312 fe56 7517 bd0f 2dc6 e19f  .K.OS..Vu...-...
0x00f0:  0865 5616 fb76 79c9 088a bbc2 fbbb 1685  .eV..vy.........
0x0100:  4f04 862f 0de8 a145 6979 e8c6 284a 2021  O../...Eiy..(J.!
0x0110:  11d3 e978 86a4 6ae9 c37b 8d57 cd17 0303  ...x..j..{.W....
0x0120:  00f0 0d96 ad1a 9b79 3bc8 5404 f5a9 dbb4  .......y;.T.....
0x0130:  c2b6 7a39 cd54 e8e0 170e 1233 4ed8 f970  ..z9.T.....3N..p
0x0140:  fb98 c679 bf04 6d72 a6e3 3731 45b4 2946  ...y..mr..71E.)F
0x0150:  3595 c1bc e41c 3518 b5ea 525c af0f 0aa7  5.....5...R\....
0x0160:  c01e a0d6 83af 367d 0b3c 7700 653d 743b  ......6}.<w.e=t;
0x0170:  e9fb ea4a 6097 c130 2d5d 463c 275e de1e  ...J`..0-]F<'^..
0x0180:  8d83 317b 61cd 2366 c5be c7df 64f5 aaa1  ..1{a.#f....d...
0x0190:  9031 5f7d 8817 d9ca 1a63 0467 b916 cc0d  .1_}.....c.g....
0x01a0:  470e 0854 4b96 622c 613e 94eb 4867 b3ce  G..TK.b,a>..Hg..
0x01b0:  0641 fc9a f362 529c a338 ddab d1ee e35b  .A...bR..8.....[
0x01c0:  3d6a a425 46f0 85d5 26ab 7b66 df8f 9c4c  =j.%F...&.{f...L
0x01d0:  0b34 c6fc d556 fb09 4a06 6148 7c9c 92dc  .4...V..J.aH|...
0x01e0:  bd26 39f6 a756 7415 7c5c 99a4 8d21 134a  .&9..Vt.|\...!.J
0x01f0:  c8d8 a465 79d5 d656 3917 6426 172d a5de  ...ey..V9.d&.-..
0x0200:  9457 608c 827a 321f a8f0 e235 0c1a 11cd  .W`..z2....5....
0x0210:  d850 1703 0300 f08c 7c1e 0e58 65ac 9ef0  .P......|..Xe...
0x0220:  ffa0 5e1a 2929 ea08 047c 9bb5 b45d ac28  ..^.))...|...].(
0x0230:  5f9e 7825 1cb9 0495 7ed8 a6b8 6b50 fe1c  _.x%....~...kP..
0x0240:  0f8e 4db1 3260 9483 474d 21b1 bbb1 a846  ..M.2`..GM!....F
0x0250:  2f7e adac ca94 4d71 81c4 9ce6 2255 3dd0  /~....Mq...."U=.
0x0260:  8dc2 e0d7 7597 6f7b 0323 8a22 4c61 69cb  ....u.o{.#."Lai.
0x0270:  6c36 c24f 1098 2692 a591 dca3 6e5e 9332  l6.O..&.....n^.2
0x0280:  f3db a7af f19a 0d2a e714 10c6 a9cf 2fea  .......*....../.
0x0290:  d818 f1b6 ebe2 782f 0651 b86b d7d8 a31c  ......x/.Q.k....
0x02a0:  b2b0 b2a4 0be2 8d7e 54fd e56a 6409 6cbe  .......~T..jd.l.
0x02b0:  e347 a62f 2ba0 7d4e a656 ea49 a5d0 d22f  .G./+.}N.V.I.../
0x02c0:  7356 0acf 89bd df02 e8b6 3df6 7f96 ce1f  sV........=.....
0x02d0:  fcdc 90e0 2cba 174d f1d2 7a49 9332 f4c6  ....,..M..zI.2..
0x02e0:  e800 34d8 0f45 e647 9f01 6951 02c6 007c  ..4..E.G..iQ...|
0x02f0:  dc67 8358 eb42 b05f d7e1 24d4 f350 e2d8  .g.X.B._..$..P..
0x0300:  399e 977f 0317 2f17 0303 00f0 d48b c345  9...../........E
0x0310:  c11c dafa 7d5c 6798 0c60 e4d8 4680 d403  ....}\g..`..F...
0x0320:  37d6 ac4a 53ad 5c7f 43c3 4893 d3fc a6b1  7..JS.\.C.H.....
0x0330:  66db 0038 e6e5 540d 55de 1c90 fae2 365a  f..8..T.U.....6Z
0x0340:  0f5d ee1f c04c 6930 c70b 7837 fff2 ca21  .]...Li0..x7...!
0x0350:  6f1b 96af f025 57fb 70be f904 20b0 35fc  o....%W.p.....5.
0x0360:  bf3c 23c0 5fdb 4864 7972 b9ef 55ee 3f48  .<#._.Hdyr..U.?H
0x0370:  d275 3790 7743 3d12 588c d9b3 bd81 a748  .u7.wC=.X......H
0x0380:  da2d 28e0 3943 02f8 708f 0f6f 9717 4632  .-(.9C..p..o..F2
0x0390:  e99a a864 06f6 733c 27cc 2a85 5919 851e  ...d..s<'.*.Y...
0x03a0:  94dd adf7 8964 488f 9d7f 7177 64e9 afa1  .....dH...qwd...
0x03b0:  4063 e121 ee82 5f12 71e2 b687 ff8f 09c1  @c.!.._.q.......
0x03c0:  59dd 3823 9538 94af 7606 18a5 ea46 61d4  Y.8#.8..v....Fa.
0x03d0:  12f9 87e6 4f78 3d60 746a e806 b444 a161  ....Ox=`tj...D.a
0x03e0:  0d3a e795 097a 8797 cc8f 65a8 9c3f 768b  .:...z....e..?v.
0x03f0:  585e 230b 370e 7cc1 e53f 39d5 1703 0300  X^#.7.|..?9.....
0x0400:  9052 c796 f699 f9e4 2cf6 b6ae 9b97 0e93  .R......,.......
0x0410:  df88 c241 7fa8 6b2a f491 83ec 74b7 675c  ...A..k*....t.g\
0x0420:  343e 1c24 e127 64c9 5922 eec5 08f1 703c  4>.$.'d.Y"....p<
0x0430:  14ab 1e7d ef76 441e 9596 5079 d60b aaf0  ...}.vD...Py....
0x0440:  9950 6027 4f2d f718 4578 0e8d 2d22 d590  .P`'O-..Ex..-"..
0x0450:  2f4d bb04 611e e859 fe66 ae41 aa43 50ea  /M..a..Y.f.A.CP.
0x0460:  8532 7ba0 2b18 bd6d fa87 9439 457f f1b8  .2{.+..m...9E...
0x0470:  21fa 14de 5d38 d364 b549 feba 0e4d 6113  !...]8.d.I...Ma.
0x0480:  2ba9 4120 926f f124 b27a 096a ad6a 1324  +.A..o.$.z.j.j.$
0x0490:  fd17 0303 0730 a6ae 4a0f 8567 a1b2 3ee9  .....0..J..g..>.
0x04a0:  6e7e 12d4 d6c3 f561 5399 7f87 d02d 51d2  n~.....aS....-Q.
0x04b0:  b8cd ce98 27ac 9748 3459 505b c0af 3352  ....'..H4YP[..3R
0x04c0:  4d4b 131e 4bb4 0ee6 d00d 8263 b6dc bd7c  MK..K......c...|
0x04d0:  b88c 3400 963e e561 5004 5953 fa08 093e  ..4..>.aP.YS...>
0x04e0:  6fa6 a907 b70e dad4 2775 c458 0cdc fba7  o.......'u.X....
0x04f0:  9e46 c898 0dfc 1651 4bf0 936f cd42 4904  .F.....QK..o.BI.
0x0500:  4327 2176 d05c 3ae4 801a 1773 4f5d a454  C'!v.\:....sO].T
0x0510:  8225 5484 042c 638d d1aa 9f92 03cf 5540  .%T..,c.......U@
0x0520:  17f5 35d4 306b 8632 7e9a ab57 c4e5 0fbe  ..5.0k.2~..W....
0x0530:  50b3 8fd9 84d6 ff2e ecb2 2dd1 4858 df89  P.........-.HX..
0x0540:  f8d4 87bf 1650 e5b8 46cc 60d5 3602 90bd  .....P..F.`.6...
0x0550:  6e90 9068 d50f fa10 6c52 83df 181b 55d7  n..h....lR....U.
0x0560:  0d35 601b c3cc 1796 762a 7bcd b732 4b2a  .5`.....v*{..2K*
0x0570:  5fb5 b85b 6137 dfae 22c3 9496 3748 ca6e  _..[a7.."...7H.n
0x0580:  fb92 c6df dd41 341a 3ae3 d17a 0089 36e7  .....A4.:..z..6.
0x0590:  fda6 473e 59ae 6cdf 28b9 8c37 db2c 0690  ..G>Y.l.(..7.,..
0x05a0:  6166 3025 d3ba d3a8 50c9 8254 c6a3 50bd  af0%....P..T..P.
0x05b0:  51cd b2a0 3041 b077 11a3 46d1 fa0e 9c48  Q...0A.w..F....H
0x05c0:  73eb ae63 63ef 438a                      s..cc.C.
Date=2017-06-07 Time=10:23:07 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:09 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551775527:3551776967(1440) win 258 checksum : 59837
0x0000:  4500 05c8 596b 4000 6e06 50b7 ae81 f74c  E...Yk@.n.P....L
0x0010:  ac10 0b2f 01bb f562 d3b3 cb27 e7fd ca23  .../...b...'...#
0x0020:  5018 0102 e9bd 0000 1703 0300 f0ce aedc  P...............
0x0030:  d03e 43e2 818d ade9 4dbd a072 a5ca 482f  .>C.....M..r..H/
0x0040:  dcbb 5d16 9c61 441f 372e d624 13ee 89ef  ..]..aD.7..$....
0x0050:  1cd4 1b4b cef6 4c22 7813 4048 336e 6a92  ...K..L"x.@H3nj.
0x0060:  d2d7 112e f901 b996 dc7e 4f2f c8fe 39e5  .........~O/..9.
0x0070:  db76 e032 17c7 bd58 0824 aa9d 30d8 a660  .v.2...X.$..0..`
0x0080:  97a7 67ef 7599 ae62 cf54 3b5e 516e 6691  ..g.u..b.T;^Qnf.
0x0090:  0f25 b147 8daa 67f3 b108 fa92 4a51 bdcd  .%.G..g.....JQ..
0x00a0:  4a87 779f 71f1 eddb d796 386e c570 9103  J.w.q.....8n.p..
0x00b0:  86f2 3e0f 84d0 179b c795 3584 f646 61eb  ..>.......5..Fa.
0x00c0:  1e30 1266 c624 ce2f cd27 1f8a 68d3 8393  .0.f.$./.'..h...
0x00d0:  4cf5 a746 7afe b8c3 f43c c9e9 44fc 829e  L..Fz....<..D...
0x00e0:  c04b dc4f 5312 fe56 7517 bd0f 2dc6 e19f  .K.OS..Vu...-...
0x00f0:  0865 5616 fb76 79c9 088a bbc2 fbbb 1685  .eV..vy.........
0x0100:  4f04 862f 0de8 a145 6979 e8c6 284a 2021  O../...Eiy..(J.!
0x0110:  11d3 e978 86a4 6ae9 c37b 8d57 cd17 0303  ...x..j..{.W....
0x0120:  00f0 0d96 ad1a 9b79 3bc8 5404 f5a9 dbb4  .......y;.T.....
0x0130:  c2b6 7a39 cd54 e8e0 170e 1233 4ed8 f970  ..z9.T.....3N..p
0x0140:  fb98 c679 bf04 6d72 a6e3 3731 45b4 2946  ...y..mr..71E.)F
0x0150:  3595 c1bc e41c 3518 b5ea 525c af0f 0aa7  5.....5...R\....
0x0160:  c01e a0d6 83af 367d 0b3c 7700 653d 743b  ......6}.<w.e=t;
0x0170:  e9fb ea4a 6097 c130 2d5d 463c 275e de1e  ...J`..0-]F<'^..
0x0180:  8d83 317b 61cd 2366 c5be c7df 64f5 aaa1  ..1{a.#f....d...
0x0190:  9031 5f7d 8817 d9ca 1a63 0467 b916 cc0d  .1_}.....c.g....
0x01a0:  470e 0854 4b96 622c 613e 94eb 4867 b3ce  G..TK.b,a>..Hg..
0x01b0:  0641 fc9a f362 529c a338 ddab d1ee e35b  .A...bR..8.....[
0x01c0:  3d6a a425 46f0 85d5 26ab 7b66 df8f 9c4c  =j.%F...&.{f...L
0x01d0:  0b34 c6fc d556 fb09 4a06 6148 7c9c 92dc  .4...V..J.aH|...
0x01e0:  bd26 39f6 a756 7415 7c5c 99a4 8d21 134a  .&9..Vt.|\...!.J
0x01f0:  c8d8 a465 79d5 d656 3917 6426 172d a5de  ...ey..V9.d&.-..
0x0200:  9457 608c 827a 321f a8f0 e235 0c1a 11cd  .W`..z2....5....
0x0210:  d850 1703 0300 f08c 7c1e 0e58 65ac 9ef0  .P......|..Xe...
0x0220:  ffa0 5e1a 2929 ea08 047c 9bb5 b45d ac28  ..^.))...|...].(
0x0230:  5f9e 7825 1cb9 0495 7ed8 a6b8 6b50 fe1c  _.x%....~...kP..
0x0240:  0f8e 4db1 3260 9483 474d 21b1 bbb1 a846  ..M.2`..GM!....F
0x0250:  2f7e adac ca94 4d71 81c4 9ce6 2255 3dd0  /~....Mq...."U=.
0x0260:  8dc2 e0d7 7597 6f7b 0323 8a22 4c61 69cb  ....u.o{.#."Lai.
0x0270:  6c36 c24f 1098 2692 a591 dca3 6e5e 9332  l6.O..&.....n^.2
0x0280:  f3db a7af f19a 0d2a e714 10c6 a9cf 2fea  .......*....../.
0x0290:  d818 f1b6 ebe2 782f 0651 b86b d7d8 a31c  ......x/.Q.k....
0x02a0:  b2b0 b2a4 0be2 8d7e 54fd e56a 6409 6cbe  .......~T..jd.l.
0x02b0:  e347 a62f 2ba0 7d4e a656 ea49 a5d0 d22f  .G./+.}N.V.I.../
0x02c0:  7356 0acf 89bd df02 e8b6 3df6 7f96 ce1f  sV........=.....
0x02d0:  fcdc 90e0 2cba 174d f1d2 7a49 9332 f4c6  ....,..M..zI.2..
0x02e0:  e800 34d8 0f45 e647 9f01 6951 02c6 007c  ..4..E.G..iQ...|
0x02f0:  dc67 8358 eb42 b05f d7e1 24d4 f350 e2d8  .g.X.B._..$..P..
0x0300:  399e 977f 0317 2f17 0303 00f0 d48b c345  9...../........E
0x0310:  c11c dafa 7d5c 6798 0c60 e4d8 4680 d403  ....}\g..`..F...
0x0320:  37d6 ac4a 53ad 5c7f 43c3 4893 d3fc a6b1  7..JS.\.C.H.....
0x0330:  66db 0038 e6e5 540d 55de 1c90 fae2 365a  f..8..T.U.....6Z
0x0340:  0f5d ee1f c04c 6930 c70b 7837 fff2 ca21  .]...Li0..x7...!
0x0350:  6f1b 96af f025 57fb 70be f904 20b0 35fc  o....%W.p.....5.
0x0360:  bf3c 23c0 5fdb 4864 7972 b9ef 55ee 3f48  .<#._.Hdyr..U.?H
0x0370:  d275 3790 7743 3d12 588c d9b3 bd81 a748  .u7.wC=.X......H
0x0380:  da2d 28e0 3943 02f8 708f 0f6f 9717 4632  .-(.9C..p..o..F2
0x0390:  e99a a864 06f6 733c 27cc 2a85 5919 851e  ...d..s<'.*.Y...
0x03a0:  94dd adf7 8964 488f 9d7f 7177 64e9 afa1  .....dH...qwd...
0x03b0:  4063 e121 ee82 5f12 71e2 b687 ff8f 09c1  @c.!.._.q.......
0x03c0:  59dd 3823 9538 94af 7606 18a5 ea46 61d4  Y.8#.8..v....Fa.
0x03d0:  12f9 87e6 4f78 3d60 746a e806 b444 a161  ....Ox=`tj...D.a
0x03e0:  0d3a e795 097a 8797 cc8f 65a8 9c3f 768b  .:...z....e..?v.
0x03f0:  585e 230b 370e 7cc1 e53f 39d5 1703 0300  X^#.7.|..?9.....
0x0400:  9052 c796 f699 f9e4 2cf6 b6ae 9b97 0e93  .R......,.......
0x0410:  df88 c241 7fa8 6b2a f491 83ec 74b7 675c  ...A..k*....t.g\
0x0420:  343e 1c24 e127 64c9 5922 eec5 08f1 703c  4>.$.'d.Y"....p<
0x0430:  14ab 1e7d ef76 441e 9596 5079 d60b aaf0  ...}.vD...Py....
0x0440:  9950 6027 4f2d f718 4578 0e8d 2d22 d590  .P`'O-..Ex..-"..
0x0450:  2f4d bb04 611e e859 fe66 ae41 aa43 50ea  /M..a..Y.f.A.CP.
0x0460:  8532 7ba0 2b18 bd6d fa87 9439 457f f1b8  .2{.+..m...9E...
0x0470:  21fa 14de 5d38 d364 b549 feba 0e4d 6113  !...]8.d.I...Ma.
0x0480:  2ba9 4120 926f f124 b27a 096a ad6a 1324  +.A..o.$.z.j.j.$
0x0490:  fd17 0303 0730 a6ae 4a0f 8567 a1b2 3ee9  .....0..J..g..>.
0x04a0:  6e7e 12d4 d6c3 f561 5399 7f87 d02d 51d2  n~.....aS....-Q.
0x04b0:  b8cd ce98 27ac 9748 3459 505b c0af 3352  ....'..H4YP[..3R
0x04c0:  4d4b 131e 4bb4 0ee6 d00d 8263 b6dc bd7c  MK..K......c...|
0x04d0:  b88c 3400 963e e561 5004 5953 fa08 093e  ..4..>.aP.YS...>
0x04e0:  6fa6 a907 b70e dad4 2775 c458 0cdc fba7  o.......'u.X....
0x04f0:  9e46 c898 0dfc 1651 4bf0 936f cd42 4904  .F.....QK..o.BI.
0x0500:  4327 2176 d05c 3ae4 801a 1773 4f5d a454  C'!v.\:....sO].T
0x0510:  8225 5484 042c 638d d1aa 9f92 03cf 5540  .%T..,c.......U@
0x0520:  17f5 35d4 306b 8632 7e9a ab57 c4e5 0fbe  ..5.0k.2~..W....
0x0530:  50b3 8fd9 84d6 ff2e ecb2 2dd1 4858 df89  P.........-.HX..
0x0540:  f8d4 87bf 1650 e5b8 46cc 60d5 3602 90bd  .....P..F.`.6...
0x0550:  6e90 9068 d50f fa10 6c52 83df 181b 55d7  n..h....lR....U.
0x0560:  0d35 601b c3cc 1796 762a 7bcd b732 4b2a  .5`.....v*{..2K*
0x0570:  5fb5 b85b 6137 dfae 22c3 9496 3748 ca6e  _..[a7.."...7H.n
0x0580:  fb92 c6df dd41 341a 3ae3 d17a 0089 36e7  .....A4.:..z..6.
0x0590:  fda6 473e 59ae 6cdf 28b9 8c37 db2c 0690  ..G>Y.l.(..7.,..
0x05a0:  6166 3025 d3ba d3a8 50c9 8254 c6a3 50bd  af0%....P..T..P.
0x05b0:  51cd b2a0 3041 b077 11a3 46d1 fa0e 9c48  Q...0A.w..F....H
0x05c0:  73eb ae63 63ef 438a                      s..cc.C.
Date=2017-06-07 Time=10:23:09 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-06-07 10:23:14 0101021 IP X.X.X.X.443 > I.I.11.47.62818 : proto T
CP: P 3551775527:3551776967(1440) win 258 checksum : 59837
0x0000:  4500 05c8 5d98 4000 6e06 4c8a ae81 f74c  E...].@.n.L....L
0x0010:  ac10 0b2f 01bb f562 d3b3 cb27 e7fd ca23  .../...b...'...#
0x0020:  5018 0102 e9bd 0000 1703 0300 f0ce aedc  P...............
0x0030:  d03e 43e2 818d ade9 4dbd a072 a5ca 482f  .>C.....M..r..H/
0x0040:  dcbb 5d16 9c61 441f 372e d624 13ee 89ef  ..]..aD.7..$....
0x0050:  1cd4 1b4b cef6 4c22 7813 4048 336e 6a92  ...K..L"x.@H3nj.
0x0060:  d2d7 112e f901 b996 dc7e 4f2f c8fe 39e5  .........~O/..9.
0x0070:  db76 e032 17c7 bd58 0824 aa9d 30d8 a660  .v.2...X.$..0..`
0x0080:  97a7 67ef 7599 ae62 cf54 3b5e 516e 6691  ..g.u..b.T;^Qnf.
0x0090:  0f25 b147 8daa 67f3 b108 fa92 4a51 bdcd  .%.G..g.....JQ..
0x00a0:  4a87 779f 71f1 eddb d796 386e c570 9103  J.w.q.....8n.p..
0x00b0:  86f2 3e0f 84d0 179b c795 3584 f646 61eb  ..>.......5..Fa.
0x00c0:  1e30 1266 c624 ce2f cd27 1f8a 68d3 8393  .0.f.$./.'..h...
0x00d0:  4cf5 a746 7afe b8c3 f43c c9e9 44fc 829e  L..Fz....<..D...
0x00e0:  c04b dc4f 5312 fe56 7517 bd0f 2dc6 e19f  .K.OS..Vu...-...
0x00f0:  0865 5616 fb76 79c9 088a bbc2 fbbb 1685  .eV..vy.........
0x0100:  4f04 862f 0de8 a145 6979 e8c6 284a 2021  O../...Eiy..(J.!
0x0110:  11d3 e978 86a4 6ae9 c37b 8d57 cd17 0303  ...x..j..{.W....
0x0120:  00f0 0d96 ad1a 9b79 3bc8 5404 f5a9 dbb4  .......y;.T.....
0x0130:  c2b6 7a39 cd54 e8e0 170e 1233 4ed8 f970  ..z9.T.....3N..p
0x0140:  fb98 c679 bf04 6d72 a6e3 3731 45b4 2946  ...y..mr..71E.)F
0x0150:  3595 c1bc e41c 3518 b5ea 525c af0f 0aa7  5.....5...R\....
0x0160:  c01e a0d6 83af 367d 0b3c 7700 653d 743b  ......6}.<w.e=t;
0x0170:  e9fb ea4a 6097 c130 2d5d 463c 275e de1e  ...J`..0-]F<'^..
0x0180:  8d83 317b 61cd 2366 c5be c7df 64f5 aaa1  ..1{a.#f....d...
0x0190:  9031 5f7d 8817 d9ca 1a63 0467 b916 cc0d  .1_}.....c.g....
0x01a0:  470e 0854 4b96 622c 613e 94eb 4867 b3ce  G..TK.b,a>..Hg..
0x01b0:  0641 fc9a f362 529c a338 ddab d1ee e35b  .A...bR..8.....[
0x01c0:  3d6a a425 46f0 85d5 26ab 7b66 df8f 9c4c  =j.%F...&.{f...L
0x01d0:  0b34 c6fc d556 fb09 4a06 6148 7c9c 92dc  .4...V..J.aH|...
0x01e0:  bd26 39f6 a756 7415 7c5c 99a4 8d21 134a  .&9..Vt.|\...!.J
0x01f0:  c8d8 a465 79d5 d656 3917 6426 172d a5de  ...ey..V9.d&.-..
0x0200:  9457 608c 827a 321f a8f0 e235 0c1a 11cd  .W`..z2....5....
0x0210:  d850 1703 0300 f08c 7c1e 0e58 65ac 9ef0  .P......|..Xe...
0x0220:  ffa0 5e1a 2929 ea08 047c 9bb5 b45d ac28  ..^.))...|...].(
0x0230:  5f9e 7825 1cb9 0495 7ed8 a6b8 6b50 fe1c  _.x%....~...kP..
0x0240:  0f8e 4db1 3260 9483 474d 21b1 bbb1 a846  ..M.2`..GM!....F
0x0250:  2f7e adac ca94 4d71 81c4 9ce6 2255 3dd0  /~....Mq...."U=.
0x0260:  8dc2 e0d7 7597 6f7b 0323 8a22 4c61 69cb  ....u.o{.#."Lai.
0x0270:  6c36 c24f 1098 2692 a591 dca3 6e5e 9332  l6.O..&.....n^.2
0x0280:  f3db a7af f19a 0d2a e714 10c6 a9cf 2fea  .......*....../.
0x0290:  d818 f1b6 ebe2 782f 0651 b86b d7d8 a31c  ......x/.Q.k....
0x02a0:  b2b0 b2a4 0be2 8d7e 54fd e56a 6409 6cbe  .......~T..jd.l.
0x02b0:  e347 a62f 2ba0 7d4e a656 ea49 a5d0 d22f  .G./+.}N.V.I.../
0x02c0:  7356 0acf 89bd df02 e8b6 3df6 7f96 ce1f  sV........=.....
0x02d0:  fcdc 90e0 2cba 174d f1d2 7a49 9332 f4c6  ....,..M..zI.2..
0x02e0:  e800 34d8 0f45 e647 9f01 6951 02c6 007c  ..4..E.G..iQ...|
0x02f0:  dc67 8358 eb42 b05f d7e1 24d4 f350 e2d8  .g.X.B._..$..P..
0x0300:  399e 977f 0317 2f17 0303 00f0 d48b c345  9...../........E
0x0310:  c11c dafa 7d5c 6798 0c60 e4d8 4680 d403  ....}\g..`..F...
0x0320:  37d6 ac4a 53ad 5c7f 43c3 4893 d3fc a6b1  7..JS.\.C.H.....
0x0330:  66db 0038 e6e5 540d 55de 1c90 fae2 365a  f..8..T.U.....6Z
0x0340:  0f5d ee1f c04c 6930 c70b 7837 fff2 ca21  .]...Li0..x7...!
0x0350:  6f1b 96af f025 57fb 70be f904 20b0 35fc  o....%W.p.....5.
0x0360:  bf3c 23c0 5fdb 4864 7972 b9ef 55ee 3f48  .<#._.Hdyr..U.?H
0x0370:  d275 3790 7743 3d12 588c d9b3 bd81 a748  .u7.wC=.X......H
0x0380:  da2d 28e0 3943 02f8 708f 0f6f 9717 4632  .-(.9C..p..o..F2
0x0390:  e99a a864 06f6 733c 27cc 2a85 5919 851e  ...d..s<'.*.Y...
0x03a0:  94dd adf7 8964 488f 9d7f 7177 64e9 afa1  .....dH...qwd...
0x03b0:  4063 e121 ee82 5f12 71e2 b687 ff8f 09c1  @c.!.._.q.......
0x03c0:  59dd 3823 9538 94af 7606 18a5 ea46 61d4  Y.8#.8..v....Fa.
0x03d0:  12f9 87e6 4f78 3d60 746a e806 b444 a161  ....Ox=`tj...D.a
0x03e0:  0d3a e795 097a 8797 cc8f 65a8 9c3f 768b  .:...z....e..?v.
0x03f0:  585e 230b 370e 7cc1 e53f 39d5 1703 0300  X^#.7.|..?9.....
0x0400:  9052 c796 f699 f9e4 2cf6 b6ae 9b97 0e93  .R......,.......
0x0410:  df88 c241 7fa8 6b2a f491 83ec 74b7 675c  ...A..k*....t.g\
0x0420:  343e 1c24 e127 64c9 5922 eec5 08f1 703c  4>.$.'d.Y"....p<
0x0430:  14ab 1e7d ef76 441e 9596 5079 d60b aaf0  ...}.vD...Py....
0x0440:  9950 6027 4f2d f718 4578 0e8d 2d22 d590  .P`'O-..Ex..-"..
0x0450:  2f4d bb04 611e e859 fe66 ae41 aa43 50ea  /M..a..Y.f.A.CP.
0x0460:  8532 7ba0 2b18 bd6d fa87 9439 457f f1b8  .2{.+..m...9E...
0x0470:  21fa 14de 5d38 d364 b549 feba 0e4d 6113  !...]8.d.I...Ma.
0x0480:  2ba9 4120 926f f124 b27a 096a ad6a 1324  +.A..o.$.z.j.j.$
0x0490:  fd17 0303 0730 a6ae 4a0f 8567 a1b2 3ee9  .....0..J..g..>.
0x04a0:  6e7e 12d4 d6c3 f561 5399 7f87 d02d 51d2  n~.....aS....-Q.
0x04b0:  b8cd ce98 27ac 9748 3459 505b c0af 3352  ....'..H4YP[..3R
0x04c0:  4d4b 131e 4bb4 0ee6 d00d 8263 b6dc bd7c  MK..K......c...|
0x04d0:  b88c 3400 963e e561 5004 5953 fa08 093e  ..4..>.aP.YS...>
0x04e0:  6fa6 a907 b70e dad4 2775 c458 0cdc fba7  o.......'u.X....
0x04f0:  9e46 c898 0dfc 1651 4bf0 936f cd42 4904  .F.....QK..o.BI.
0x0500:  4327 2176 d05c 3ae4 801a 1773 4f5d a454  C'!v.\:....sO].T
0x0510:  8225 5484 042c 638d d1aa 9f92 03cf 5540  .%T..,c.......U@
0x0520:  17f5 35d4 306b 8632 7e9a ab57 c4e5 0fbe  ..5.0k.2~..W....
0x0530:  50b3 8fd9 84d6 ff2e ecb2 2dd1 4858 df89  P.........-.HX..
0x0540:  f8d4 87bf 1650 e5b8 46cc 60d5 3602 90bd  .....P..F.`.6...
0x0550:  6e90 9068 d50f fa10 6c52 83df 181b 55d7  n..h....lR....U.
0x0560:  0d35 601b c3cc 1796 762a 7bcd b732 4b2a  .5`.....v*{..2K*
0x0570:  5fb5 b85b 6137 dfae 22c3 9496 3748 ca6e  _..[a7.."...7H.n
0x0580:  fb92 c6df dd41 341a 3ae3 d17a 0089 36e7  .....A4.:..z..6.
0x0590:  fda6 473e 59ae 6cdf 28b9 8c37 db2c 0690  ..G>Y.l.(..7.,..
0x05a0:  6166 3025 d3ba d3a8 50c9 8254 c6a3 50bd  af0%....P..T..P.
0x05b0:  51cd b2a0 3041 b077 11a3 46d1 fa0e 9c48  Q...0A.w..F....H
0x05c0:  73eb ae63 63ef 438a                      s..cc.C.
Date=2017-06-07 Time=10:23:14 log_id=0101021 log_type=Firewall log_component=Fir
ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_
dev=Port5 out_dev=Port1 inzone_id=1 outzone_id=2 source_mac=00:0c:42:e5:cf:db de
st_mac=00:e0:20:11:08:fe l3_protocol=IP source_ip=X.X.X.X dest_ip=I.I.
11.47 l4_protocol=TCP source_port=443 dest_port=62818 fw_rule_id=0 policytype=1
live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id
=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_fi
lter_id=0 app_category_id=5 app_id=100 category_id=0 bandwidth_id=0 up_classid=0
dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=103 scanflags=0
gateway_offset=1 max_session_bytes=0 drop_fix=0 ctflags=65576 connid=3162186976
masterid=0 status=414 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_by
tes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
Cancel
Vote Up 0 Vote Down

Cancel
0 April Beachy over 8 years ago in reply to sachingurung

I think I am experiencing the same issue these users are.

https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/92313/strange-drops/335994#pi2151=1
Cancel
Vote Up 0 Vote Down

Cancel