Hallo, ich habe ziemlich erfolglos seit ein paar Wochen ein Ticket offen (04828530). Die AUX SFW (18.5.2 MR-2) initiiert hier Traffic gegen die u.g. Domains über das Primary Device, das führt zu Invalid Traffic Meldungen auf dem Primary Device. Mit dem Support komme ich hier nicht weiter. Primary WAN 10.0.203.8 (Port 6.203) , Port 3 ist QuickHA. Das Konstrukt verstehe ich auch nicht wirklich, die AUX Device hat ja die gleiche IP wie das Primärgerät, wie dann die Statefull firewall damit zurecht kommen soll, ist mir unklar, aber es funktioniert ja auch nicht .... Danke Henri "timestamp","source","message" "2022-02-22T07:14:41.834Z","PACKET_DEBUG:","PACKET_DEBUG: DNS for 10.0.203.8, TID: 0x9146: resolver.1.geo.ctmail.com STD A resolved to 84.39.157.1" "2022-02-22T07:25:12.084Z","PACKET_DEBUG:","PACKET_DEBUG: DNS for 10.0.203.8, TID: 0x986f: resolver.1.geo.ctmail.com STD A resolved to 84.39.157.1" "2022-02-22T07:25:12.084Z","PACKET_DEBUG:","PACKET_DEBUG: DNS for 10.0.203.8, TID: 0x986f: resolver1.ast.ctmail.com STD CNAME resolved to resolver.1.geo.ctmail.com " Time In interface Out interface Ethernet type Source IP Destination IP Packet type Ports [src,dst] NAT ID Rule ID Status Reason Web filter ID Application filter ID Port6.203 IPv4 10.0.203.8 84.39.157.1 TCP 30431,80 0 0 Forwarded No policy No policy No policy - No policy No policy - 0x8001 ASSURED No application No category 2022-02-22 23:45:53 IPv4 10.0.203.8 84.39.157.1 TCP 30431,80 0 0 Violation INVALID_TRAFFIC No policy No policy No policy - No policy No policy - 0x8001 ASSURED No application No category 2022-02-22 23:45:53 Port3 IPv4 10.0.203.8 84.39.157.1 TCP 30431,80 0 0 Incoming No policy No policy No policy - No policy No policy - No gateway UNREPLIED No application No category 2022-02-22 23:45:53 Port3 Port6.203 IPv4 10.0.203.8 84.39.157.1 TCP 18029,80 0 0 Forwarded No policy No policy No policy - No policy No policy - 0x8001 ASSURED No application No category 2022-02-22 23:45:53 IPv4 10.0.203.8 84.39.157.1 TCP 18029,80 0 0 Violation INVALID_TRAFFIC No policy No policy No policy - No policy No policy - 0x8001 ASSURED No application No category 2022-02-22 23:45:53 Port3 IPv4 10.0.203.8 84.39.157.1 TCP 18029,80 0 0 Incoming No policy No policy No policy - No policy No policy - No gateway UNREPLIED No application No category 2022-02-22 23:45:53 Port3 Port6.203 IPv4 10.0.203.8 84.39.157.1 TCP 30431,80 0 0 Forwarded No policy No policy No policy - No policy No policy - 0x8001 ASSURED No application No category 2022-02-22 23:45:53 IPv4 10.0.203.8 84.39.157.1 TCP 30431,80 0 0 Violation INVALID_TRAFFIC No policy No policy No policy - No policy No policy - 0x8001 ASSURED No application No category 2022-02-22 23:45:53 Port3 IPv4 10.0.203.8 84.39.157.1 TCP 30431,80 0 0 Incoming No policy No policy No policy - No policy No policy - No gateway UNREPLIED No application No category 2022-02-22 23:45:53 Port3 Port6.203 IPv4 10.0.203.8 84.39.157.1 TCP 18029,80 0 0

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Invalid traffic - XG HA (Port 3 ist QuickHA) -> 84.39.157.1

Hallo,

ich habe ziemlich erfolglos seit ein paar Wochen ein Ticket offen (04828530). Die AUX SFW (18.5.2 MR-2) initiiert hier Traffic gegen die u.g. Domains über das Primary Device, das führt zu Invalid Traffic Meldungen auf dem Primary Device. Mit dem Support komme ich hier nicht weiter.

Primary WAN 10.0.203.8 (Port 6.203) , Port 3 ist QuickHA.

Das Konstrukt verstehe ich auch nicht wirklich, die AUX Device hat ja die gleiche IP wie das Primärgerät, wie dann die Statefull firewall damit zurecht kommen soll, ist mir unklar, aber es funktioniert ja auch nicht ....

Danke

Henri



"timestamp","source","message"
"2022-02-22T07:14:41.834Z","PACKET_DEBUG:","PACKET_DEBUG: DNS for 10.0.203.8, TID: 0x9146: resolver.1.geo.ctmail.com STD A resolved to 84.39.157.1"
"2022-02-22T07:25:12.084Z","PACKET_DEBUG:","PACKET_DEBUG: DNS for 10.0.203.8, TID: 0x986f: resolver.1.geo.ctmail.com STD A resolved to 84.39.157.1"
"2022-02-22T07:25:12.084Z","PACKET_DEBUG:","PACKET_DEBUG: DNS for 10.0.203.8, TID: 0x986f: resolver1.ast.ctmail.com STD CNAME resolved to resolver.1.geo.ctmail.com"

Time	In interface	Out interface	Ethernet type	Source IP	Destination IP	Packet type	Ports [src,dst]	NAT ID	Rule ID	Status	Reason	Web filter ID	Application filter ID

Port6.203

IPv4

10.0.203.8

84.39.157.1

TCP

30431,80

Forwarded

No policy

0x8001

ASSURED

No application

No category

2022-02-22 23:45:53

IPv4

10.0.203.8

84.39.157.1

TCP

30431,80

Violation

INVALID_TRAFFIC

No policy

0x8001

ASSURED

No application

No category

2022-02-22 23:45:53

Port3

IPv4

10.0.203.8

84.39.157.1

TCP

30431,80

Incoming

No policy

No gateway

UNREPLIED

No application

No category

2022-02-22 23:45:53

Port3

Port6.203

IPv4

10.0.203.8

84.39.157.1

TCP

18029,80

Forwarded

No policy

0x8001

ASSURED

No application

No category

2022-02-22 23:45:53

IPv4

10.0.203.8

84.39.157.1

TCP

18029,80

Violation

INVALID_TRAFFIC

No policy

0x8001

ASSURED

No application

No category

2022-02-22 23:45:53

Port3

IPv4

10.0.203.8

84.39.157.1

TCP

18029,80

Incoming

No policy

No gateway

UNREPLIED

No application

No category

2022-02-22 23:45:53

Port3

Port6.203

IPv4

10.0.203.8

84.39.157.1

TCP

30431,80

Forwarded

No policy

0x8001

ASSURED

No application

No category

2022-02-22 23:45:53

IPv4

10.0.203.8

84.39.157.1

TCP

30431,80

Violation

INVALID_TRAFFIC

No policy

0x8001

ASSURED

No application

No category

2022-02-22 23:45:53

Port3

IPv4

10.0.203.8

84.39.157.1

TCP

30431,80

Incoming

No policy

No gateway

UNREPLIED

No application

No category

2022-02-22 23:45:53

Port3

Port6.203

IPv4

10.0.203.8

84.39.157.1

TCP

18029,80

This thread was automatically locked due to age.

Parents

0 LuCar Toni over 3 years ago

Ich habe auf allen Firewalls Invalid Traffic deaktiviert. Daher kann ich nicht sagen, ob ich dieses Verhalten auch so sehe. Empfehle nur grundsätzlich es auch zu deaktivieren, da es keinen Mehrwert bietet.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LuCar Toni over 3 years ago

Ich habe auf allen Firewalls Invalid Traffic deaktiviert. Daher kann ich nicht sagen, ob ich dieses Verhalten auch so sehe. Empfehle nur grundsätzlich es auch zu deaktivieren, da es keinen Mehrwert bietet.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data