I have a Sophos Console Station behind an Astaro with HA support and everything. Astaro is 10.52.2.10 and it's also running a proxy, Sophos is 10.52.2.210 and it's going thru the proxy to get new software from Sophos sources. I see the following drops with source being the Astaro and Destination being the server with source port 8080 (while destination is an high random port).
Beside this I see no problems with my Sophos server, however, it's flooding syslog and when I look for something affecting the Sophos server I have to go thru huge pages of syslog.
Thank you in advance.
P.S. I've also excluded this from IPS after looking at this thread
https://community.sophos.com/products/unified-threat-management/astaroorg/f/75/t/64377
but it's not it, I've excluded the Sophos server from EVERYTHING (Intrusion Protection / Anti-Portscan / Anti-DoS/Flooding TCP / Anti-DoS/Flooding UDP / Anti-DoS/Flooding ICMP) both ways (in and out).
This thread was automatically locked due to age.
