I tried drop-packet-capture "host x.x.x.x or host y.y.y.y" using this KB: https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/96227/time-periods-and-established-connections/349096.
But I don't know what this problem is.
Why are inzone and outzone "0"?
The network setup is two interfaces in LACP, with VLANs 10, 11, 40, 41, 42, 43, 50 and 51 added.
VLAN 10 is zoneOA.
VLANs 11, 50 and 51 are zoneRD.
Default route is 0.0.0.0/0 172.24.10.250.
Only the Base Firewall License.
The first policy is ZoneRD to ZoneRD, Any to Any, with Any Service: Allow.
The bottom policy is zone ANY to zone ANY, Any to Any, Any Service: Drop.
USE daemon license issue.
2018-01-15 15:14:30 010202130 IP 172.24.11.215.56567 > 172.24.51.60.52690 : proto TCP: P 230700337:230700484(147) win 115 checksum : 39679
0x0000: 4500 00c7 9c6c 4000 4006 0681 ac18 0bd7 E....l@.@.......
0x0010: ac18 333c dcf7 cdd2 0dc0 3531 df00 3c0c ..3<......51..<.
0x0020: 8018 0073 9aff 0000 0101 080a 09b7 0d25 ...s...........%
0x0030: 091a ed2f 68cd 3133 6a6f 6563 6865 6e67 .../h.13joecheng
0x0040: 0000 0000 0000 0000 0000 0000 0067 6132 .............ga2
0x0050: 3135 0000 0000 0000 0000 0000 0000 0000 15..............
0x0060: 0000 0000 0000 0000 0000 0000 0000 736e ..............sn
0x0070: 736c 6d67 7264 0000 0067 6132 3135 3a31 slmgrd...ga215:1
0x0080: 332e 3000 0000 0000 0000 0000 0000 0000 3.0.............
0x0090: 0000 0000 0000 0000 0000 5400 0000 0000 ..........T.....
0x00a0: 0000 0000 0000 0031 3935 3131 0000 0000 .......19511....
0x00b0: 0000 616d 6436 345f 7265 3300 0000 0009 ..amd64_re3.....
0x00c0: 0530 0000 0000 00 .0.....
Date=2018-01-15 Time=15:14:30 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=172.24.11.215 dest_ip=172.24.51.60 l4_protocol=TCP source_port=56567 dest_port=52690 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

2018-01-15 15:14:36 010202130 IP 172.24.51.60.52690 > 172.24.11.215.56567 : proto TCP: S 3741334539:3741334539(0) win 14480 checksum : 6592
0x0000: 4500 003c 0000 4000 4006 a378 ac18 333c E..<..@.@..x..3<
0x0010: ac18 0bd7 cdd2 dcf7 df00 3c0b 0dc0 3531 ..........<...51
0x0020: a012 3890 19c0 0000 0204 05b4 0402 080a ..8.............
0x0030: 091b 67dd 09b6 dae5 0103 0307 ..g.........
Date=2018-01-15 Time=15:14:36 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=172.24.51.60 dest_ip=172.24.11.215 l4_protocol=TCP source_port=52690 dest_port=56567 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A