Unable to SSH to any server. Even FTP/SFTP does not work.

Question

Hi all, 
 I've recently installed Sophos utm9 in my home lab, and these are my very first few weeks. I have been facing a very strange issue lately.. and hence i need your help with this. 
 Two days back, i was trying to transfer files from a remote server using sftp connection through filezilla, and the entire file transfer was choppy, the connection would keep disconnecting every few seconds, and then resume transfer, this went on for couple of mins, the connecrtion would terminate and then reconnect again, and transfer would resume, but after few mins, the connection completely got disconnected, and since them i am not able to ssh to that server using putty nor through filezilla (ftp client). 
 The remote server is online, and i have tried connecting to this server from work (a different location from home), and it works fine from home, i can file transfer without any issues. 
 Its only here at home where i have sophos installed. 
 Prior to sohos i was able to file transfer and connect to the server without issues. 
 Is there something that is completely blocking the ssh connection to a remote server or even file transfer in the firewall that i need to check or enable or create a rule?

sachingurung · Answer

Looking at the log line, those are default drops with fwrule= 60002, it happens when the packet is not destined for the UTM or we can say there is no firewall rule defined to forward the packet. 
 2017:05:09-00:00:01 sophos ulogd[6252]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002 " initf="eth0" outitf="eth1" srcmac="00:0e:8f:79:e3:21" dstmac="00:25:90:7c:01:af" srcip="192.168.1.100" dstip="96.44.129.13" proto="6" length="52" tos="0x00" prec="0x00" ttl="63" srcport="60141" dstport="232" tcpflags="SYN" 
 Considering the fact that the destination IP address is a public IP, I suspect the issue is a missing/misconfigured masquerading rule defined in the UTM. Also, a firewall rule to forward 192.168.1.0 network through the UTM is absent or misconfigured. 
 Thank You

BAlfson · Answer

No apology necessary - I was just trying to help you get the most out of this place! 
 I would have your internal users get NTP (UDP 123) from your DHCP server and set it to get NTP from the UTM. You also need to allow your server in 'Network Services >> NTP'. At present you have no firewall rule like '{192.168.1.100} -> NTP -> Internet : Allow', so those packets are being dropped. You won't need that rule if you have the server get time from the UTM. 
 Similarly, there is no firewall rule allowing TCP 232 to the Internet, so those packets are also being dropped out of the FORWARD chain ( fwrule="60002" ). This is the same for SSH on the Internet. 
 I see a drop out of the INPUT chain ("60001") for someone from the Ukraine (37.229.167.134) trying to telnet into your UTM. Unless you're in the same country, this is likely a branch of the Russian mafia, so you probably don't want to allow that traffic! 
 In general, I don't log successful outbound traffic, but I do like to start a new setup with two logged allow rules after the explicit 'Internal (Network) -> {Service} -> Internet' rules: 
 Internal (Network) -> {1:65535->1:1023} -> Internet : Allow Internal (Network) -> {1:65535->1024:65535} -> Internet : Allow 
 After a month, I look back through the list of Services recorded in the logs and add new rules before these rules. That's usually long enough to turn those rules off and wait for complaints. [;)] 
 Cheers - Bob