Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 3 subscribers
  • Views 2003 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IMAP SSL to not Server outside not working

benny4982

Hi,

we have a guest wirelesse network and no special configuration.
Just a Firewall rule and a nat to allow all mail services, web and whats app.
Web, Whatsapp , POP3, SMTP running fine.

But we have an issue contacting IMAP SSL imap.web.de
If the user disconects from WLAN everything works as expected, but within the wireless network no check of mails is possible.
Packet filter looks good and allows the traffic:

16:15:51 Packet filter rule #28 TCP  
172.16.28.112 : 50318
173.194.76.108 : 993
 
[SYN] len=64 ttl=63 tos=0x00 srcmac=f0:76:6f:bf:f9:6f dstmac=00:1a:8c:0a:d6:01
16:15:52 Packet filter rule #28 TCP  
172.16.28.112 : 50319
173.194.76.108 : 993
 
[SYN] len=64 ttl=63 tos=0x00 srcmac=f0:76:6f:bf:f9:6f dstmac=00:1a:8c:0a:d6:01
16:15:54 Packet filter rule #28 TCP  
172.16.28.112 : 50321
212.227.17.162 : 993
 
[SYN] len=64 ttl=63 tos=0x00 srcmac=f0:76:6f:bf:f9:6f dstmac=00:1a:8c:0a:d6:01
16:16:02 Packet filter rule #28 TCP  
172.16.28.112 : 50322
17.242.60.87 : 5223
 
[SYN] len=64 ttl=63 tos=0x00 srcmac=f0:76:6f:bf:f9:6f dstmac=00:1a:8c:0a:d6:01
16:16:24 Packet filter rule #28 TCP  
172.16.28.112 : 50323
173.194.76.108 : 993
 
[SYN] len=64 ttl=63 tos=0x00 srcmac=f0:76:6f:bf:f9:6f dstmac=00:1a:8c:0a:d6:01

any ideas why it is not working?



This thread was automatically locked due to age.
Parents
  • 0

    Hallo Benny,

    Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  I say that for future posts as the Live Log does prove the outbound traffic was allowed.

    You might check the Intrusion Prevention log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Hi, 

    thanks for the reply. I will try to schedule an tcpdump session and provide the informations here.

Reply Children
  • 0 in reply to benny4982

    Hi,

    we have done the tcpdump session.
    We noticed many tcp retransmissions.

    After that we checked all kinds of multipath rules and policy based routes.

    In the end we switched the wireless network to the other provider.
    It seems there is a blacklisting of the other static IP for imap.web.de active.

    So after all , it was not a sophos issue.
    Thanks for your help so far.

Unfiltered HTML