Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 3659 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Default DROP on internal interface

radar_01
Astaro 8.311 with web security. Proxy is using port 8080 in standard mode.

In packet filter log there are many dropped packages from astaro internal IP port 8080 to internal clients:

Default DROP TCP astaro_internal_IP : 8080 → client_ip : 52744 [RST] len=40 ttl=64 tos=0x00 srcmac=internal_eth_MAC

Proxy seems to work normal.
I have another astaro, same version, similar config but no such messages in packet filter log.


This thread was automatically locked due to age.
Parents
  • 0
    Also, please edit your post and replace the line from the Live Log with the same one from the full log file.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Also, please edit your post and replace the line from the Live Log with the same one from the full log file.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    Attached firewall and web logs, 10.1.5.50 is client PC, 10.1.70.100 is local f-secure server.
    After playing with WireShark I would say that packet drops are caused with f-secure orsp service.

    Strange thing is that packet drops are only seen on one astaro. As I mentioned in first post we use two astaro-s with similar config. Main difference is that ASLs are connected to different providers.
    logs.zip
Cookie Information Banner