
Sophos XG blocking Oneplus 5T OTA updates

Hi All

 

I have been having an issue recently with Sophos XG. I noticed it is blocking OTA updates for my Oneplus 5T phone. However, looking at the Webfilter logs, it seems the traffic is allowed, but when I run the DR command on the appliance, I see a packet drop. Please suggest how to fix this. Below is the packet drop output.

 

 

 

Date=2017-12-17 Time=22:58:43 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=10.12.47.22 dest_ip=163.171.98.96 l4_protocol=TCP source_port=40835 dest_port=80 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2017-12-17 22:58:43 010202130 IP 10.12.47.22.40829 > 163.171.98.96.80 : proto TCP: F 2551198749:2551199128(379) win 347 checksum : 12810
0x0000: 4500 01a3 32c0 4000 4006 c767 0a0c 2f16 E...2.@.@..g../.
0x0010: a3ab 6260 9f7d 0050 9810 341d 0691 4417 ..b`.}.P..4...D.
0x0020: 5019 015b 320a 0000 4745 5420 2f70 6174 P..[2...GET./pat
0x0030: 6368 2f61 6d61 7a6f 6e65 322f 474c 4f2f ch/amazone2/GLO/
0x0040: 4f6e 6550 6c75 7335 544f 7879 6765 6e2f OnePlus5TOxygen/
0x0050: 4f6e 6550 6c75 7335 544f 7879 6765 6e5f OnePlus5TOxygen_
0x0060: 3433 2e4f 2e30 375f 474c 4f5f 3030 375f 43.O.07_GLO_007_
0x0070: 3137 3132 3132 3233 3230 2f4f 6e65 506c 1712122320/OnePl
0x0080: 7573 3554 4f78 7967 656e 5f34 335f 4f54 us5TOxygen_43_OT
0x0090: 415f 3030 342d 3030 375f 7061 7463 685f A_004-007_patch_
0x00a0: 3137 3132 3132 3233 3230 5f37 3938 3832 1712122320_79882
0x00b0: 3830 2e7a 6970 2048 5454 502f 312e 310d 80.zip.HTTP/1.1.
0x00c0: 0a52 414e 4745 3a20 6279 7465 733d 3135 .RANGE:.bytes=15
0x00d0: 3032 3539 3431 372d 3138 3730 3635 3632 0259417-18706562
0x00e0: 350d 0a43 6f6e 7465 6e74 2d74 7970 653a 5..Content-type:
0x00f0: 2061 7070 6c69 6361 7469 6f6e 2f6f 6374 .application/oct
0x0100: 6574 2d73 7472 6561 6d0d 0a55 7365 722d et-stream..User-
0x0110: 4167 656e 743a 2044 616c 7669 6b2f 322e Agent:.Dalvik/2.
0x0120: 312e 3020 284c 696e 7578 3b20 553b 2041 1.0.(Linux;.U;.A
0x0130: 6e64 726f 6964 2037 2e31 2e31 3b20 4f4e ndroid.7.1.1;.ON
0x0140: 4550 4c55 5320 4135 3031 3020 4275 696c EPLUS.A5010.Buil
0x0150: 642f 4e4d 4632 3658 290d 0a48 6f73 743a d/NMF26X)..Host:
0x0160: 206f 7461 6673 672e 6832 6f73 2e63 6f6d .otafsg.h2os.com
0x0170: 0d0a 436f 6e6e 6563 7469 6f6e 3a20 4b65 ..Connection:.Ke
0x0180: 6570 2d41 6c69 7665 0d0a 4163 6365 7074 ep-Alive..Accept
0x0190: 2d45 6e63 6f64 696e 673a 2067 7a69 700d -Encoding:.gzip.
0x01a0: 0a0d 0a ...
Date=2017-12-17 Time=22:58:43 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=10.12.47.22 dest_ip=163.171.98.96 l4_protocol=TCP source_port=40829 dest_port=80 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
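To read a DR drop like the one above without decoding the hex by hand, here is an added example (my code, not Sophos's and not the poster's) that parses the key=value firewall record and the tcpdump-style hex dump and ties them together: it checks that the record and the dumped packet describe the same flow, notes that fw_rule_id=0 means no firewall rule made the decision, and recovers the HTTP request line and Host header so an exception can be scoped to the OTA host instead of switching web protection off. The log record is a shortened copy of the second Invalid_Traffic record above, the hex dump is copied from the thread as-is, and the function names are my own.

```python
import struct

# Added example, not Sophos code. Both samples below are copied from the thread:
# a shortened form of the second Invalid_Traffic record, and the DR packet dump.
LOG_LINE = ("Date=2017-12-17 Time=22:58:43 log_id=010202130 log_type=Firewall "
            "log_component=Invalid_Traffic log_subtype=Denied log_priority=Alert "
            "in_dev= out_dev= l3_protocol=IP source_ip=10.12.47.22 "
            "dest_ip=163.171.98.96 l4_protocol=TCP source_port=40829 dest_port=80 "
            "fw_rule_id=0")
HEXDUMP = """\
0x0000: 4500 01a3 32c0 4000 4006 c767 0a0c 2f16 E...2.@.@..g../.
0x0010: a3ab 6260 9f7d 0050 9810 341d 0691 4417 ..b`.}.P..4...D.
0x0020: 5019 015b 320a 0000 4745 5420 2f70 6174 P..[2...GET./pat
0x0030: 6368 2f61 6d61 7a6f 6e65 322f 474c 4f2f ch/amazone2/GLO/
0x0040: 4f6e 6550 6c75 7335 544f 7879 6765 6e2f OnePlus5TOxygen/
0x0050: 4f6e 6550 6c75 7335 544f 7879 6765 6e5f OnePlus5TOxygen_
0x0060: 3433 2e4f 2e30 375f 474c 4f5f 3030 375f 43.O.07_GLO_007_
0x0070: 3137 3132 3132 3233 3230 2f4f 6e65 506c 1712122320/OnePl
0x0080: 7573 3554 4f78 7967 656e 5f34 335f 4f54 us5TOxygen_43_OT
0x0090: 415f 3030 342d 3030 375f 7061 7463 685f A_004-007_patch_
0x00a0: 3137 3132 3132 3233 3230 5f37 3938 3832 1712122320_79882
0x00b0: 3830 2e7a 6970 2048 5454 502f 312e 310d 80.zip.HTTP/1.1.
0x00c0: 0a52 414e 4745 3a20 6279 7465 733d 3135 .RANGE:.bytes=15
0x00d0: 3032 3539 3431 372d 3138 3730 3635 3632 0259417-18706562
0x00e0: 350d 0a43 6f6e 7465 6e74 2d74 7970 653a 5..Content-type:
0x00f0: 2061 7070 6c69 6361 7469 6f6e 2f6f 6374 .application/oct
0x0100: 6574 2d73 7472 6561 6d0d 0a55 7365 722d et-stream..User-
0x0110: 4167 656e 743a 2044 616c 7669 6b2f 322e Agent:.Dalvik/2.
0x0120: 312e 3020 284c 696e 7578 3b20 553b 2041 1.0.(Linux;.U;.A
0x0130: 6e64 726f 6964 2037 2e31 2e31 3b20 4f4e ndroid.7.1.1;.ON
0x0140: 4550 4c55 5320 4135 3031 3020 4275 696c EPLUS.A5010.Buil
0x0150: 642f 4e4d 4632 3658 290d 0a48 6f73 743a d/NMF26X)..Host:
0x0160: 206f 7461 6673 672e 6832 6f73 2e63 6f6d .otafsg.h2os.com
0x0170: 0d0a 436f 6e6e 6563 7469 6f6e 3a20 4b65 ..Connection:.Ke
0x0180: 6570 2d41 6c69 7665 0d0a 4163 6365 7074 ep-Alive..Accept
0x0190: 2d45 6e63 6f64 696e 673a 2067 7a69 700d -Encoding:.gzip.
0x01a0: 0a0d 0a ...
"""
TCP_FLAGS = {1: "FIN", 2: "SYN", 4: "RST", 8: "PSH", 16: "ACK", 32: "URG"}

def parse_kv_log(line):
    """Sophos key=value record -> dict; empty values (in_dev=) are kept."""
    rec = {}
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val
    return rec

def parse_hexdump(text):
    """Rebuild packet bytes from 'offset: hhhh ... ascii' lines (max 8 groups)."""
    raw = bytearray()
    for line in text.strip().splitlines():
        for tok in line.partition(":")[2].split()[:8]:
            if len(tok) in (2, 4) and all(c in "0123456789abcdef" for c in tok.lower()):
                raw += bytes.fromhex(tok)
            else:
                break          # reached the ASCII column on a short last line
    return bytes(raw)

def decode_packet(pkt):
    """IPv4/TCP header fields plus the HTTP request line and Host header."""
    ihl, total_len = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    pkt = pkt[:total_len]                       # trust the IP length, not the dump
    if pkt[9] != 6:
        raise ValueError("not a TCP packet")
    tcp = pkt[ihl:]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    payload = tcp[(tcp[12] >> 4) * 4:]
    head = payload.decode("ascii", errors="replace").partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    headers = dict((k.strip().lower(), v.strip())
                   for k, _, v in (h.partition(":") for h in lines[1:]))
    return {"src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
            "sport": sport, "dport": dport, "seq": seq,
            "flags": [n for bit, n in sorted(TCP_FLAGS.items()) if tcp[13] & bit],
            "payload_len": len(payload), "request_line": lines[0],
            "host": headers.get("host")}

def explain_drop(log_line, hexdump):
    """Tie the drop record to the dumped packet and say what was dropped."""
    rec = parse_kv_log(log_line)
    pkt = decode_packet(parse_hexdump(hexdump))
    same_flow = (rec.get("source_ip"), rec.get("dest_ip"), rec.get("source_port"),
                 rec.get("dest_port")) == (pkt["src"], pkt["dst"], str(pkt["sport"]),
                                           str(pkt["dport"]))
    return {  # fw_rule_id=0: no firewall rule decided this; it is a state/validity drop
        "state_drop": rec.get("log_component") == "Invalid_Traffic"
                      and rec.get("log_subtype") == "Denied",
        "no_rule_matched": rec.get("fw_rule_id") == "0",
        "packet_matches_record": same_flow,
        "tcp_flags": pkt["flags"], "payload_bytes": pkt["payload_len"],
        "request_line": pkt["request_line"], "host": pkt["host"]}

if __name__ == "__main__":
    print(explain_drop(LOG_LINE, HEXDUMP))
```

Running it reports a FIN+PSH+ACK segment carrying 379 bytes of a GET for the OTA zip with Host otafsg.h2os.com, the same numbers tcpdump printed as `F ...(379) win 347`. The Invalid_Traffic component with fw_rule_id=0 says the appliance rejected the packet on connection-state grounds rather than by a policy rule, which is consistent with the web filter log showing the session as allowed while the DR output still shows a drop; the recovered Host header is the value to test an exception against.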



  • It's an issue with v17's broken web protection filter... It won't allow Windows updates, Apple app downloads, etc... I am not sure it's fixed in MR-3, but hoping it is... V17 has been a disaster.

     

    Disable web protection to get around it for now...

  • Unknown said:

    It's an issue with v17's broken web protection filter... It won't allow Windows updates, Apple app downloads, etc... I am not sure it's fixed in MR-3, but hoping it is... V17 has been a disaster.

     

    Disable web protection to get around it for now...

     

     

    You're right Chris. I have faced a few issues after upgrading to v17. Last week, it almost killed Google Play Store access. While diagnosing, I found a few URLs owned by Google falling under the Ads category (which I have blocked), which caused the Google Play Store to stop working on any of the devices on my network. I had to manually add 5 URLs as exceptions, as I am not ready to disable the web filter or allow ads.

     

    As I write this, I see v17 MR3 is available to download. I am downloading it to see if it fixes the web filter issues. Looking at the release notes, it doesn't seem to address any web filter issue:

     

    • NC-25584 [IPsec] IPsec tunnel frequently gets disconnected after migration to v17
    • NC-25597 [IPsec] Disabling DPD has no effect
    • NC-25641 [IPsec] Improve IPsec failover behavior
    • NC-26024 [IPsec] Change default "Policy Keying Tries" to unlimited
    • NC-26032 [IPsec] Too many email notifications on connection retry
    • NC-25986 [Logging] Fixed CVE-2017-XXXX (TBD)
    • NC-23214 [Wireless] XG105w failed to update channel width 80 MHz for 5Ghz band
  • I should actually clarify... the HTTP and FTP scanning for malware/content is what broke it for us... not web filter... had to disable these:

     

    I'm hopeful MR-3 resolves it, but as you stated the release notes sure don't... 

  • I should actually clarify... the HTTP and FTP scanning for malware/content is what broke it for us... not web filter... had to disable these:

     

    I'm hopeful MR-3 resolves it, but as you stated the release notes sure don't... 

     

     

    Possibly. I am going to take a snapshot before applying MR3.