Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 17 replies
  • Subscribers 2 subscribers
  • Views 46715 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

fwrule="60002"

domblocs
Hello

Although ports 30100 tcp are open,  I systematically:

2014:11:30-16:13:26 UTM-MAISON ulogd[31186]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth3" outitf="eth1" srcmac="0:xx:xx:xx:x:xx" dstmac="0:xx:xx:xx:xx:xx" srcip="192.168.1.85" dstip="145.226.yyy.yyy" proto="6" length="44" tos="0x00" prec="0x00" ttl="254" srcport="2754" dstport="30100" tcpflags="SYN" 

Firewall:
Sources: DMZ(network)(192.168.1.0/24) 
Services: 30100 D TCP (port de destination)
Destination: 145.226.yyy.yyy (host)

Can you help me

Thanks


This thread was automatically locked due to age.
Parents
  • 0
    Hello BAlfson

    With Wireshark i find:

    Expert Info (Warn/Sequence): This frame is a (suspected) out-of-order segment


    How can i resolve the probleme with my UTM

    Thanks
  • 0 in reply to domblocs
    Unfortunately I don't have an answer; I too am experiencing the same issue. Packets getting dropped by fwrule="60002" with no matching firewall rule. I read another post  indicating a bad update, but my system is entirely up to date (Firmware 9.210-20, pattern 71486).

    In an attempt to overcome, I have:
    - Disabled IPS
    - Disabled ATP
    - Set a firewall rule that allows traffic from any location to any location using any protocol
    - Set exceptions everywhere possible (even with IPS and ATP disabled)
    - Removed all firewall rules that dropped or rejected

    Snippet of log file: 
    2014:12:05-19:31:35 cerberus ulogd[12259]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="00:11[:D]9:34:42:c5" dstmac="00:14:4f:8e:04:3e" srcip="10.0.0.46" dstip="204.176.49.11" proto="17" length="76" tos="0x00" prec="0x00" ttl="63" srcport="32771" dstport="123"


    If it's of relevance, the same internal device had its traffic was dropped due to malformed packets as determined by my previous firewall (Kerio Winroute/Control).
Reply
  • 0 in reply to domblocs
    Unfortunately I don't have an answer; I too am experiencing the same issue. Packets getting dropped by fwrule="60002" with no matching firewall rule. I read another post  indicating a bad update, but my system is entirely up to date (Firmware 9.210-20, pattern 71486).

    In an attempt to overcome, I have:
    - Disabled IPS
    - Disabled ATP
    - Set a firewall rule that allows traffic from any location to any location using any protocol
    - Set exceptions everywhere possible (even with IPS and ATP disabled)
    - Removed all firewall rules that dropped or rejected

    Snippet of log file: 
    2014:12:05-19:31:35 cerberus ulogd[12259]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" outitf="eth0" srcmac="00:11[:D]9:34:42:c5" dstmac="00:14:4f:8e:04:3e" srcip="10.0.0.46" dstip="204.176.49.11" proto="17" length="76" tos="0x00" prec="0x00" ttl="63" srcport="32771" dstport="123"


    If it's of relevance, the same internal device had its traffic was dropped due to malformed packets as determined by my previous firewall (Kerio Winroute/Control).
Children
No Data