This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Vine Thermostat

I have vine smart thermostats and I can't get them to connect to the server on their end for updating.

I had them working until I installed my sophos UTM and now no matter what settings I have I can't figure out what is blocking it.

I keep getting

2020:09:14-00:00:25 ****** ulogd[623]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" mark="0x144e" app="1102" srcmac="40:62:31:13:f7:f3" srcip="52.52.126.248" dstip="192.168.1.8" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="49153" tcpflags="ACK PSH FIN" 

Thanks for the help.

This thread was automatically locked due to age.

Top Replies

Argo over 4 years ago +1

looks like to do not have a rule in place as it is being dropped "on output" - fwrule="60003" https://support.sophos.com/support/s/article/KB-000034242?language=en_US so a filter rule on eth1 is stopping…

Parents

0 BAlfson over 4 years ago

This looks like a problem with the Vine server in Amazon AWS, Scott. Its response to your thermostat's HTTP request was blocked because the UTM's stateful firewall thought that the conversation was over - probably because the server took longer than expected to respond. Then again, maybe this is nothing to worry about and it's just another example of the "chattiness" of TCP - maybe the server had indeed finished updating the thermostat - can you tell if it was updated?

If there is a problem, we'll need to try changing one of the ip_conntrack_tcp_timeout values.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 4 years ago

This looks like a problem with the Vine server in Amazon AWS, Scott. Its response to your thermostat's HTTP request was blocked because the UTM's stateful firewall thought that the conversation was over - probably because the server took longer than expected to respond. Then again, maybe this is nothing to worry about and it's just another example of the "chattiness" of TCP - maybe the server had indeed finished updating the thermostat - can you tell if it was updated?

If there is a problem, we'll need to try changing one of the ip_conntrack_tcp_timeout values.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data