
Sophos UTM dropping packets

Hello All,
I've had a great time implementing Sophos UTM, with one exception. It drops packets when I try to connect to https://web80.dnchosting.com:2083/

Anyone know how I can configure Sophos to exempt this specific website from security checks?


This thread was automatically locked due to age.
  • Hi BAlfson,
    My bad, newbie mistake! Here are the lines

    2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="34:23:87:e7:b9:59" dstmac="0:1c:f0:a6:a2:21" srcip="192.168.0.114" dstip="157.56.144.215" proto="17" length="89" tos="0x00" prec="0x00" ttl="127" srcport="57224" dstport="3544" 
    2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="34:23:87:e7:96:43" dstmac="0:1c:f0:a6:a2:21" srcip="192.168.0.113" dstip="157.56.144.215" proto="17" length="89" tos="0x00" prec="0x00" ttl="127" srcport="51105" dstport="3544" 
    2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="10:93:e9:4:e7:D4" dstmac="0:1c:f0:a6:a2:21" srcip="192.168.0.117" dstip="199.7.108.80" proto="6" length="48" tos="0x00" prec="0x00" ttl="63" srcport="53930" dstport="2083" tcpflags="SYN" 
    2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="10:93:e9:4:e7:D4" dstmac="0:1c:f0:a6:a2:21" srcip="192.168.0.117" dstip="199.7.108.80" proto="6" length="48" tos="0x00" prec="0x00" ttl="63" srcport="53929" dstport="2083" tcpflags="SYN" 
    2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="10:93:e9:4:e7:D4" dstmac="0:1c:f0:a6:a2:21" srcip="192.168.0.117" dstip="199.7.108.80" proto="6" length="48" tos="0x00" prec="0x00" ttl="63" srcport="53928" dstport="2083" tcpflags="SYN" 
    2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="10:93:e9:4:e7:D4" dstmac="0:1c:f0:a6:a2:21" srcip="192.168.0.117" dstip="199.7.108.80" proto="6" length="48" tos="0x00" prec="0x00" ttl="63" srcport="53927" dstport="2083" tcpflags="SYN" 
    2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="10:93:e9:4:e7:D4" dstmac="0:1c:f0:a6:a2:21" srcip="192.168.0.117" dstip="199.7.108.80" proto="6" length="48" tos="0x00" prec="0x00" ttl="63" srcport="53926" dstport="2083" tcpflags="SYN" 
    2014:08:23-19:31:10 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1c:f0:a6:a2:21" srcip="67.228.177.234" dstip="192.168.0.129" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="33843" tcpflags="RST" 
    2014:08:23-19:31:10 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1c:f0:a6:a2:21" srcip="67.228.177.234" dstip="192.168.0.129" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="35150" tcpflags="RST" 
    2014:08:23-19:31:10 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="0:1c:f0:a6:a2:21" srcip="67.228.177.234" dstip="192.168.0.129" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="80" dstport="56838" tcpflags="RST" 
    2014:08:23-19:31:14 THOR ulogd[12296]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="34:23:87:e7:b9:59" dstmac="0:1c:f0:a6:a2:21" srcip="192.168.0.114" dstip="157.56.144.215" proto="17" length="89" tos="0x00" prec="0x00" ttl="127" srcport="57224" dstport="3544"
  • That confirms that you need to make two firewall rules:

    Internal (Network) -> {UDP 1:65535->3544} -> {157.56.144.215} : Allow


    and

    Internal (Network) -> {TCP 1:65535->2083} -> {199.7.108.80} : Allow


    Instead of making the Destination a single IP Host definition, you might want to use a network definition like 199.7.108.64/27.  Or, you could start with a logged rule and make new rules based on what you see in the log file:

    Internal (Network) -> Any -> Internet : Allow



    Cheers - Bob
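
The log-to-rule step described in the reply above, as an added example that is not part of the original thread: it parses packet filter drop lines and groups new, internally initiated flows into narrowly scoped allow-rule candidates in the notation used above. The function names and the internal network 192.168.0.0/24 are assumptions; the sample lines are trimmed copies of the posted log.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines from the posted log with some fields trimmed.
SAMPLE_LOG = '''\
2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.0.114" dstip="157.56.144.215" proto="17" srcport="57224" dstport="3544"
2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.0.113" dstip="157.56.144.215" proto="17" srcport="51105" dstport="3544"
2014:08:23-19:31:06 THOR ulogd[12296]: id="2001" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcip="192.168.0.117" dstip="199.7.108.80" proto="6" srcport="53930" dstport="2083" tcpflags="SYN"
2014:08:23-19:31:10 THOR ulogd[12296]: id="2001" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcip="67.228.177.234" dstip="192.168.0.129" proto="6" srcport="80" dstport="33843" tcpflags="RST"
'''

KV = re.compile(r'(\w+)="([^"]*)"')   # key="value" pairs in a ulogd line
PROTO = {"6": "TCP", "17": "UDP"}     # IP protocol numbers seen in the log


def candidate_rules(log_text, internal="192.168.0.0/24"):
    """Map (proto, dstip, dstport) -> set of internal source IPs that were dropped."""
    inside = ipaddress.ip_network(internal)   # assumed internal network
    rules = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(KV.findall(line))
        if f.get("action") != "drop" or not {"srcip", "dstip", "dstport"} <= f.keys():
            continue
        # Only flows opened from inside are candidates for an outbound rule.
        if ipaddress.ip_address(f["srcip"]) not in inside:
            continue
        # For TCP, count only the initial SYN; stray RST/ACK drops are not new flows.
        if f.get("proto") == "6" and f.get("tcpflags") != "SYN":
            continue
        proto = PROTO.get(f.get("proto"), f.get("proto"))
        rules[(proto, f["dstip"], int(f["dstport"]))].add(f["srcip"])
    return dict(rules)


def format_rules(rules):
    """Render candidates in the rule notation used in the thread."""
    return [f"Internal (Network) -> {{{p} 1:65535->{port}}} -> {{{ip}}} : Allow"
            for (p, ip, port) in sorted(rules)]


if __name__ == "__main__":
    for rule in format_rules(candidate_rules(SAMPLE_LOG)):
        print(rule)
```

The RST line from 67.228.177.234 is skipped because its source is not internal, so it produces no rule candidate.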
  • Thanks a million BAlfson, will try this tomorrow. Fingers crossed!
  • Thanks a million guys, finally got this to work. So grateful