Firewall rule not working

Hello, we have a firewall rule in position 2 that allows two external IPs (they are in a network group) Any/Any access to the internal LAN. The external IPs are VOIP providers that use upper level UDP Ports. Yet the firewall is still dropping the packets. Any idea why? 

The firewall rule in position 1 is Any\Any\Any but is disabled.

2013:04:17-13:33:42 @ ulogd[4267]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="b8:9b:c9:D9:55:ba" dstmac="0:1a:8c:13:61:31" srcip="x.x.x.x" dstip="y.y.y.y" proto="17" length="132" tos="0x00" prec="0x20" ttl="117" srcport="26055" dstport="2108"
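
Added example, not part of the original thread: a small parser for packetfilter log lines in the format quoted above, which pulls out the drops whose source is in a given allow-list and groups them by `fwrule`, protocol and destination. The sample lines, addresses and function names are constructed for illustration, and the chain labels for rule IDs 60001 to 60003 are an assumption that the thread itself does not state.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the packetfilter format quoted in the post.
# Addresses come from the documentation ranges, not from the poster's masked values.
SAMPLE_LOG = '''\
2013:04:17-13:33:42 gw ulogd[4267]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="198.51.100.10" dstip="203.0.113.5" proto="17" srcport="26055" dstport="2108"
2013:04:17-13:33:43 gw ulogd[4267]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" srcip="192.0.2.77" dstip="192.168.1.20" proto="6" srcport="40000" dstport="23"
2013:04:17-13:33:44 gw ulogd[4267]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="198.51.100.11" dstip="203.0.113.5" proto="17" srcport="26060" dstport="2110"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}
# Assumption (not stated in the thread): built-in default-drop rule IDs per chain.
# INPUT = addressed to the firewall itself, FORWARD = routed through it.
DEFAULT_DROP = {"60001": "INPUT", "60002": "FORWARD", "60003": "OUTPUT"}

def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))

def drops_from(log_text, allowed_sources):
    """Return parsed drop entries whose srcip is inside allowed_sources."""
    nets = [ipaddress.ip_network(n) for n in allowed_sources]
    hits = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("action") != "drop" or "srcip" not in fields:
            continue
        try:
            src = ipaddress.ip_address(fields["srcip"])
        except ValueError:  # masked values such as x.x.x.x cannot be matched
            continue
        if any(src in net for net in nets):
            hits.append(fields)
    return hits

def summarize(hits):
    """Count drops per (fwrule, chain label, protocol, destination IP)."""
    counts = Counter()
    for f in hits:
        chain = DEFAULT_DROP.get(f.get("fwrule"), "user/other")
        proto = PROTO.get(f.get("proto"), f.get("proto"))
        counts[(f.get("fwrule"), chain, proto, f.get("dstip"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(drops_from(SAMPLE_LOG, ["198.51.100.10", "198.51.100.11"])).items():
        print(n, key)
```

Comparing the destination IP and rule ID in the summary against the allow rule's destination definition shows whether the dropped packets fall inside what the rule actually covers.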


  • Got it.. I enabled\configured VOIP options on the 120.. will let you know how it goes. :)
  • Enabling the SIP and H323 on the UTM120 didn't make a difference.. still seeing the drops on the firewall. VOIP vendor stated it shouldn't matter if these ports are blocked.. so I guess I won't worry about it. :)
  • Try applying what I call Rule #1:

    Whenever something seems strange, always check the Intrusion Prevention and Firewall logs.


    Any luck?

    Please post the block line(s) from the Firewall log file (not the Live Log).

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Intrusion Prevention is disabled.. I updated the first post with what I see in firewall log (non-live)
  • Anti-DoS Flooding activity also is recorded in the Intrusion Prevention log.

    srcip="x.x.x.x" dstip="y.y.y.y"

    Please provide enough numbers for us to see whether the IPs are public or private.  Like 38.x.x.234 and 172.20.y.y.

    Cheers - Bob
     