Hello,
I am testing out the XG firewall as a VM and have come across a couple of issues with the Application filter. The current issue is that if I enable Application filtering for high-risk Apps 4 & 5, Windows Update takes about 3 days to do a full system update from initial install. Doing a drop packet capture, I get the below over and over for lots of different MS IPs. Trying to find out which specific app is stopping this doesn't appear to be very easy to see in the logs or the drop packet capture.
Previously I have logged a call with Sophos and they have said, "oh, it's this App_ID, which means it's this app that's in risk level 4, which needs allowing through." However, I have logged the same query and the engineer doesn't know about this app_ID chart. Does anyone know of this app ID chart, and can anyone shed any light as to why WU is being slowed right down with lots of denied traffic?
Date=2017-06-26 Time=16:53:50 log_id=0544021 log_type=Content_Filter log_component=Application_Filter log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=PortB out_dev= inzone_id=1 outzone_id=0 source_mac=00:22:be:35:28:19 dest_mac=00:15:5d:01:12:08 l3_protocol=IP source_ip=13.107.4.50 dest_ip=172.16.1.114 l4_protocol=TCP source_port=80 dest_port=50664 fw_rule_id=1 policytype=1 live_userid=0 userid=0 user_gp=0 ips_id=5 sslvpn_id=0 web_filter_id=4 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=7 app_category_id=1 app_id=67 category_id=29 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=255 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1074268169 connid=3289879424 masterid=1699837760 status=398 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
Thanks,
Rich
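One way to get the "which app_id is dropping this" answer out of the drop log, as an added example that is not part of the original post and not Sophos code: parse the key=value entries, keep only Application_Filter denies, and aggregate them per app_id with the local and remote hosts involved. The first sample line is the entry quoted above; the other lines are constructed for the example (their field values are placeholders, not real XG output). Mapping app_id to an application name is deliberately left out because that chart is not on this page.

```python
"""Aggregate Sophos XG Application_Filter denies by app_id.

Added example for this thread, not taken from the post or from Sophos.
Assumes only the space-separated key=value log format visible in the quoted entry.
"""
import ipaddress
import re

KV_RE = re.compile(r"(\w+)=(\S*)")  # \S* keeps empty values such as out_dev=

# Line 1 is the entry quoted in the post (unchanged).
# Lines 2-6 are CONSTRUCTED for this example; app_id=250 and the Firewall_Rule
# line are placeholders so the filtering logic has something to exclude/compare.
SAMPLE_LOG = """\
Date=2017-06-26 Time=16:53:50 log_id=0544021 log_type=Content_Filter log_component=Application_Filter log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=PortB out_dev= inzone_id=1 outzone_id=0 source_mac=00:22:be:35:28:19 dest_mac=00:15:5d:01:12:08 l3_protocol=IP source_ip=13.107.4.50 dest_ip=172.16.1.114 l4_protocol=TCP source_port=80 dest_port=50664 fw_rule_id=1 policytype=1 live_userid=0 userid=0 user_gp=0 ips_id=5 sslvpn_id=0 web_filter_id=4 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=7 app_category_id=1 app_id=67 category_id=29 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=1 cluster_node=0 inmark=0x0 nfqueue=255 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1074268169 connid=3289879424 masterid=1699837760 status=398 state=3 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
Date=2017-06-26 Time=16:53:51 log_component=Application_Filter log_subtype=Denied source_ip=172.16.1.114 dest_ip=13.107.4.52 l4_protocol=TCP source_port=50670 dest_port=443 fw_rule_id=1 app_filter_id=7 app_category_id=1 app_id=67
Date=2017-06-26 Time=16:53:52 log_component=Application_Filter log_subtype=Denied source_ip=172.16.1.120 dest_ip=13.107.4.50 l4_protocol=TCP source_port=49210 dest_port=80 fw_rule_id=1 app_filter_id=7 app_category_id=1 app_id=67
Date=2017-06-26 Time=16:53:53 log_component=Application_Filter log_subtype=Allowed source_ip=172.16.1.114 dest_ip=13.107.4.50 l4_protocol=TCP source_port=50671 dest_port=80 fw_rule_id=1 app_filter_id=7 app_category_id=1 app_id=67
Date=2017-06-26 Time=16:53:54 log_component=Application_Filter log_subtype=Denied source_ip=172.16.1.114 dest_ip=13.107.4.50 l4_protocol=TCP source_port=50672 dest_port=443 fw_rule_id=1 app_filter_id=7 app_category_id=1 app_id=250
Date=2017-06-26 Time=16:53:55 log_component=Firewall_Rule log_subtype=Denied source_ip=172.16.1.114 dest_ip=13.107.4.50 l4_protocol=TCP source_port=50673 dest_port=443 fw_rule_id=2
"""


def parse_line(line):
    """Turn one 'key=value key=value ...' entry into a dict; empty values are kept."""
    return dict(KV_RE.findall(line))


def _is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:  # N/A or garbage in an IP field
        return False


def denied_by_app(log_text):
    """Count Application_Filter denies per app_id with the hosts involved.

    The quoted entry has the Microsoft address as source_ip and the LAN host as
    dest_ip (the drop was logged on the reply packet), so each pair is sorted
    into local (RFC1918) vs remote rather than trusting source/dest order.
    """
    summary = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("log_component") != "Application_Filter":
            continue
        if rec.get("log_subtype") != "Denied":
            continue
        entry = summary.setdefault(rec.get("app_id", "?"), {
            "count": 0,
            "app_category_id": rec.get("app_category_id"),
            "app_filter_id": rec.get("app_filter_id"),
            "local_hosts": set(),
            "remote_ips": set(),
            "remote_ports": set(),
        })
        entry["count"] += 1
        for ip, port in ((rec.get("source_ip"), rec.get("source_port")),
                         (rec.get("dest_ip"), rec.get("dest_port"))):
            if ip is None:
                continue
            if _is_private(ip):
                entry["local_hosts"].add(ip)
            else:
                entry["remote_ips"].add(ip)
                entry["remote_ports"].add(port)
    return summary


def top_offenders(summary):
    """app_ids ordered by number of denies, most frequent first."""
    return sorted(((app, e["count"]) for app, e in summary.items()),
                  key=lambda item: (-item[1], item[0]))


def report(summary):
    """One line per app_id: what to look up in the app filter policy next."""
    lines = []
    for app_id, count in top_offenders(summary):
        e = summary[app_id]
        lines.append(f"app_id={app_id} app_category_id={e['app_category_id']} "
                     f"app_filter_id={e['app_filter_id']} denies={count} "
                     f"remote={sorted(e['remote_ips'])} ports={sorted(e['remote_ports'])} "
                     f"local={sorted(e['local_hosts'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(denied_by_app(SAMPLE_LOG)))
```

Feed it a full day's export of the Application_Filter log instead of SAMPLE_LOG and the top entry is the app_id to search for in the policy referenced by app_filter_id; whether an exception for that app is acceptable is still a judgement call, since the log alone does not say what the classification was based on.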