We have a new XG implementation. My users are experiencing the following issue. They have several systems that they connect to and it is like remoting into a terminal services server. The firewall throws violation errors and then their connection will freeze. Eventually Windows will give them the not responding error message and will close the window. My users cannot function because the connection constantly stops responding. X.X.X.X is the IP address of the terminal server that they need to access. I.I.I.I is their internal IP. I have a rule that allows all traffic to this IP. Below is a packet capture showing what is happening.

| Time | In Interface | Out Interface | Ethernet Type | Source IP | Destination IP | Packet Type | Ports[src,dst] | Rule ID | Status | Reason | Username | Web Filter ID | Application Filter ID | IPS Policy ID | Bandwidth Policy ID | Connection Status |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2017-06-07 08:05:03 | Port4 | Port1 | IPv4 | X.X.X.X | I.I.I.I | TCP | 443,53025 | 0 | Violation | Firewall | - | No Policy | No Policy | No Policy | No Policy | ASSURED |
| 2017-06-07 08:04:56 | Port4 | Port1 | IPv4 | X.X.X.X | I.I.I.I | TCP | 443,53025 | 0 | Violation | Firewall | - | No Policy | No Policy | No Policy | No Policy | ASSURED |
| 2017-06-07 08:05:06 | Port4 | Port1 | IPv4 | X.X.X.X | I.I.I.I | TCP | 443,53025 | 0 | Violation | Firewall | - | No Policy | No Policy | No Policy | No Policy | ASSURED |
| 2017-06-07 08:05:03 | Port4 | Port1 | IPv4 | X.X.X.X | I.I.I.I | TCP | 443,53025 | 0 | Violation | Firewall | - | No Policy | No Policy | No Policy | No Policy | ASSURED |
| 2017-06-07 08:04:56 | Port4 | Port1 | IPv4 | X.X.X.X | I.I.I.I | TCP | 443,53025 | 0 | Violation | Firewall | - | No Policy | No Policy | No Policy | No Policy | ASSURED |
| 2017-06-07 08:06:33 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Violation | INVALID_TRAFFIC | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:33 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Incoming | | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:29 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Violation | INVALID_TRAFFIC | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:29 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Incoming | | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:28 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Violation | INVALID_TRAFFIC | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:28 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Incoming | | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:26 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Violation | INVALID_TRAFFIC | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:26 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Incoming | | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:25 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Violation | INVALID_TRAFFIC | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |
| 2017-06-07 08:06:25 | Port1 | | IPv4 | I.I.I.I | X.X.X.X | TCP | 53022,443 | 0 | Incoming | | - | No Policy | No Policy | No Policy | No Policy | UNREPLIED |

I have logged several tickets with support and have not gotten it fixed yet. I set this up with the help of two separate Sophos Engineers, because I have no experience with Sophos.
My users are understandably ready to throw IT out the window as well as the XG.
Any thoughts on how to resolve this?