Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 2080 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

packetfilter blocking Eset and Tivo

Gary21
My OSX Eset and Win Eset updates are being blocked by my Sophos UTM and I was hoping to get some help to rectify.  I have read through similar articles but I could not seem to fix it.

1)  I believe this is a 
2014:01:07-00:00:07 gapt ulogd[4487]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="8c:2d:aa:4e:56:3" dstmac="80:ee:73:7c:86:bf" srcip="192.168.168.154" dstip="157.56.144.215" proto="17" length="89" tos="0x00" prec="0x00" ttl="63" srcport="51620" dstport="3544" 

2)  Tivo being blocked with similar info.  I'll post the tivo info when I plug it back in tomorrow.  Real pain because I need to plug directly to modem.

Thanks


This thread was automatically locked due to age.
  • 0
    Hi, do you have a firewall rule allowing dst port 3544 out?

    Barry
  • 0 in reply to BarryG
    Thanks.  I created a rule that has Tivo -->  Any Services  --> Any Dest.  After this change, it can connect, but I still see the below entry in the FW log.   I know this rule is a broad rule, but I figured that it would be considered a low risk.  I will add the port you mentioned and remove the all to see if it still works.

    2014:01:21-00:00:22 gapt ulogd[4490]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="0:11[:D]9:3d:0:86" dstmac="80:ee:73:7c:86:bf" srcip="192.168.168.162" dstip="192.168.168.255" proto="17" length="187" tos="0x00" prec="0x00" ttl="64" srcport="2190" dstport="2190"
  • 0
    That remaining log entry appears to be the TiVo broadcasting its presence to the local network (dest IP .255), and IMHO can safely be ignored.  I added an IPS exception rule for my TiVos, which skips Intrusion Protection checks for traffic from their IP addresses.