PS3 unable to connect to PSN

Alright folks, this has been driving me crazy for the past 3 or 4 days now. My PS4 can connect to the PSN without issue. I had the EXACT same rules for my PS3; however, it was unable to connect. So tonight I nuked the network definition for the PS3 and recreated it, leaving all the defaults (no bypass rules); however, it STILL cannot connect. This is the only block entry I can find, but I'm a bit confused: it looks like it's trying to come back into the network on port 443?

2015:11:29-17:01:49 gateway ulogd[18487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:0c:29:6e:f9:0c" srcip="172.224.172.185" dstip="192.168.9.64" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="61617" tcpflags="RST"
2015:11:29-17:11:27 gateway ulogd[18487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:0c:29:6e:f9:0c" srcip="23.196.24.237" dstip="192.168.9.64" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="63060" tcpflags="RST"
2015:11:29-17:11:27 gateway ulogd[18487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:0c:29:6e:f9:0c" srcip="23.196.24.237" dstip="192.168.9.64" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="63059" tcpflags="RST"
2015:11:29-17:12:11 gateway ulogd[18487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:0c:29:6e:f9:0c" srcip="198.107.131.100" dstip="192.168.9.64" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="63048" tcpflags="RST"
2015:11:29-17:12:31 gateway ulogd[18487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:0c:29:6e:f9:0c" srcip="23.196.24.237" dstip="192.168.9.64" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="63060" tcpflags="RST"
2015:11:29-17:12:31 gateway ulogd[18487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" srcmac="00:0c:29:6e:f9:0c" srcip="23.196.24.237" dstip="192.168.9.64" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="63059" tcpflags="RST"

The .64 address is my PS3.  The only "rule" I have that includes the PS3 is a wide-open allow all outgoing:

I had more restrictive rules but opened it way up for testing. I'm a bit perplexed now as to why the above connection is being blocked and, if it truly is, what's the way around this? Prior, I had the PS3 bypassed from all scanning (IPS, web filtering, application control, advanced threat protection) and it was STILL getting blocked; there was just no log entry indicating the block. Can anyone shed any light on this issue? I really appreciate it!

Thanks,

Dan

EDIT: So just for fun I decided to port forward 443 into the PS3 and all of a sudden it connects to the PSN! I've never had to do this before; it's always connected without issue. Is this a change on the PSN or has something changed in the Sophos UTM?
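An added example, not part of the original post or of any Sophos tooling: a small parser for packetfilter lines in the format quoted above that separates packets opening a connection (SYN only) from resets sent from a well-known source port to a high port, which is the pattern in the quoted lines. The sample lines are shortened copies of the ones in the post plus one constructed SYN line for contrast; the label names are assumptions made for this illustration.

```python
import re
from collections import Counter

# Shortened copies of the lines quoted in the post, plus one constructed
# SYN line (203.0.113.5 is a documentation address) for contrast.
SAMPLE_LOG = '''\
2015:11:29-17:01:49 gateway ulogd[18487]: id="2001" sub="packetfilter" action="drop" fwrule="60003" srcip="172.224.172.185" dstip="192.168.9.64" proto="6" srcport="443" dstport="61617" tcpflags="RST"
2015:11:29-17:11:27 gateway ulogd[18487]: id="2001" sub="packetfilter" action="drop" fwrule="60003" srcip="23.196.24.237" dstip="192.168.9.64" proto="6" srcport="443" dstport="63060" tcpflags="RST"
2015:11:29-17:12:31 gateway ulogd[18487]: id="2001" sub="packetfilter" action="drop" fwrule="60003" srcip="23.196.24.237" dstip="192.168.9.64" proto="6" srcport="443" dstport="63060" tcpflags="RST"
2015:11:29-17:13:00 gateway ulogd[18487]: id="2001" sub="packetfilter" action="drop" fwrule="60003" srcip="203.0.113.5" dstip="192.168.9.64" proto="6" srcport="51000" dstport="443" tcpflags="SYN"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one packetfilter line, or None."""
    if 'sub="packetfilter"' not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    fields["time"] = line.split(" ", 1)[0]
    return fields


def classify(f):
    """Label a dropped packet by what its ports and TCP flags show."""
    if f.get("proto") != "6":
        return "non-tcp"
    flags = set(f.get("tcpflags", "").split())
    if flags == {"SYN"}:
        return "new-connection-attempt"
    # RST from a low (service) port to a high port: a reset belonging to a
    # connection the high-port side took part in, not a new inbound session.
    if "RST" in flags and int(f["srcport"]) < 1024 <= int(f["dstport"]):
        return "reset-from-service-port"
    return "other-tcp"


def summarize(log_text):
    """Count dropped packets per (label, srcip, srcport, dstip)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f and f.get("action") == "drop":
            counts[(classify(f), f["srcip"], f["srcport"], f["dstip"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```
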



  • Do you have your PS3 configured statically or dynamically; DHCP reservation? Is the bypass rule you are referring to the Web Protection transparent bypass?

    If the IP address is changing due to DHCP lease renewal, that could be causing issues with any rules you have configured.
  • It has a statically assigned DHCP lease. And I had tried bypassing it from everything: web protection, application filtering, etc. And yes, the IP on the PS3 matches what was set up for the rules. I keep coming back to the fact that a PORT FORWARD of 443 is required for it to connect to the PSN. I'm trying to track down if something in the UTM changed to cause this or if it's a change with Sony/PSN.