XG dropping traffic to 443

I have a firewall rule which allows traffic from LAN zone ANY host to WAN zone ANY host using the built-in HTTPS service. However, in XG logs, I see that some traffic from various devices in LAN zone is being denied going to TCP port 443, whereas other traffic is being allowed on the same port from same devices. Why is this happening? As far as I know, I have not setup any IPS or Application filter or web policy. What else do I check?

Thanks,

Arun



  • Arun,

    thanks for sharing the ip. Please share also the IP/Network for each appliance (only internal IP). Is the XG deployed as Bridge or Routing?

    Thanks

  • I am sorry, I did not quite understand the question. Which appliance are you referring to? Also, how do I determine if XG is in bridge mode or routing mode?

    Thanks,

    Arun

  • Arun,

    in order to help us you should provide inside the thread all the needed information about your installation.

    So please share a network map with all router/firewall ip.

    To understand how XG is deployed, share a screenshot of network > interface tab.

    Thanks

  • So, here are a lot more details:

    Here is XG Network Interface setup. I do not use the GuestAP. I have removed the IP address assigned by Verizon:

    Here is the setup in VMWare. I have removed the MAC addresses:

    First, the input from Verizon to XG on the first physical NIC.

    This is how the output from XG goes to other Virtual Machines and rest of the network. This is the second physical NIC.

    This is how the DMZ physical NIC is configured:

    I had the exact same setup for UTM9 and it worked fine for years. The UTM9 never blocked any traffic that was not supposed to be blocked in the firewall rules.

    Thanks,

    Arun

  • Arun,

    are you using the same IP as the previous UTM9 box?

    If this is the case, pay attention with MAC-ADDRESS table on the other appliances.

    Use a tcpdump to understand why the traffic is blocked.

    Regards
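Before reaching for tcpdump, the firewall log itself usually tells you which component produced the deny, not just which rule. The script below is an added example and is not code from the thread or from Sophos: it parses log lines in the key=value style that XG writes to its firewall log, counts verdicts by status, log_component and fw_rule_id, and lists the LAN-to-WAN port 443 flows that were both allowed and denied, which is the exact symptom described above. The field names are assumed to follow the XG style; the sample lines and all addresses and values in them are constructed for this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the key=value style of the XG firewall log.
# Field names follow that style; addresses, rule ids and values are invented.
SAMPLE_LOG = """\
log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" fw_rule_id=2 src_ip=192.168.1.20 dst_ip=203.0.113.10 protocol="TCP" src_port=51234 dst_port=443
log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" fw_rule_id=0 src_ip=192.168.1.20 dst_ip=203.0.113.10 protocol="TCP" src_port=51234 dst_port=443
log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" fw_rule_id=2 src_ip=192.168.1.21 dst_ip=203.0.113.11 protocol="TCP" src_port=49822 dst_port=443
log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" fw_rule_id=0 src_ip=192.168.1.22 dst_ip=203.0.113.12 protocol="TCP" src_port=50010 dst_port=443
log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" fw_rule_id=2 src_ip=192.168.1.21 dst_ip=198.51.100.5 protocol="TCP" src_port=50011 dst_port=80
"""

# key=value pairs; values may be bare tokens or double-quoted strings.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def parse_log(text):
    """Parse every non-empty line of a log dump."""
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def verdict_summary(records):
    """Count events by (status, log_component, fw_rule_id).

    A deny attributed to rule id 0 or to a component other than
    "Firewall Rule" is not a rule match, so this is the first thing to
    look at when a rule that should allow the traffic appears to drop it.
    """
    counts = Counter()
    for r in records:
        counts[(r.get("status"), r.get("log_component"), r.get("fw_rule_id"))] += 1
    return dict(counts)


def mixed_verdict_flows(records, dst_port="443"):
    """Return (src_ip, dst_ip, dst_port) flows that were both allowed and denied.

    These are the flows worth capturing with tcpdump on the LAN interface,
    filtered on host and port, to see what the denied packets look like.
    """
    verdicts = defaultdict(set)
    for r in records:
        if r.get("dst_port") != dst_port:
            continue
        key = (r.get("src_ip"), r.get("dst_ip"), r.get("dst_port"))
        verdicts[key].add(r.get("status"))
    return sorted(k for k, s in verdicts.items() if {"Allow", "Deny"} <= s)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for key, n in sorted(verdict_summary(recs).items(), key=str):
        print(f"{n:4d}  status={key[0]} component={key[1]} rule={key[2]}")
    for flow in mixed_verdict_flows(recs):
        print("allowed and denied:", " -> ".join(flow[:2]), "port", flow[2])
```

Run it against a log export instead of SAMPLE_LOG to get the per-component breakdown; the flows it lists are the ones to feed into a tcpdump host/port filter on the LAN-facing interface.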