This discussion has been locked.

traffic dropped by firewall, don't know why

My Sophos UTM 9.2 box is dropping Blizzard Game Data Files and I don't know why. It's not being dropped by IPS or application control and I have TCP/UDP 80 open on the FW.

The traffic is destined for the correct IP (192.168.199.20) so I guess it's not a NAT problem but I'm quite a novice at this so I could have done something stupid.

This blocking has caused over 100G of traffic in the last 3 days, as I guess the Blizzard update agent is constantly asking for updates which are being blocked. Please help!


  • Here's one of the lines from the log:
    2015:03:27-08:48:48 sophosUTM9 ulogd[22353]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" mark="0x1508" app="1288" srcmac="00:90:fb:42:24:3c" srcip="150.101.152.26"
  • Here's one of the lines from the log:
    2015:03:27-08:48:48 sophosUTM9 ulogd[22353]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth0" mark="0x1508" app="1288" srcmac="00:90:fb:42:24:3c" srcip="150.101.152.26"


    Hi,

    1. The protocol info is missing from this line; is that from the Full log?

    2. ACK PSH FIN packets being blocked (from expired sessions probably) shouldn't affect the application.
    There may be something else going on.
    Are you using the http proxy (Web Protection)?

    Barry
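
Barry's first question can be checked mechanically. The following is an added example, not part of the original thread: it parses the posted packet filter line into key/value fields and lists which fields needed to judge a drop are absent. The list of triage fields (`dstip`, `proto`, `srcport`, `dstport`, `tcpflags`) is an assumption about what a complete UTM packet filter line carries, and the function names are hypothetical.

```python
import re

# The log line posted in the thread, copied verbatim (it ends after srcip).
POSTED_LINE = (
    '2015:03:27-08:48:48 sophosUTM9 ulogd[22353]: id="2001" severity="info" '
    'sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" '
    'fwrule="60003" outitf="eth0" mark="0x1508" app="1288" '
    'srcmac="00:90:fb:42:24:3c" srcip="150.101.152.26"'
)

# Assumption: fields a complete packet filter line carries and triage needs.
TRIAGE_FIELDS = ("srcip", "dstip", "proto", "srcport", "dstport", "tcpflags")

# "<timestamp> <host> <process>[<pid>]: <key="value" pairs>"
HEADER = re.compile(
    r'^(?P<ts>\S+)\s+(?P<host>\S+)\s+(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]:\s+(?P<body>.*)$'
)
PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split one log line into its syslog-style header and key/value fields."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a syslog-style UTM log line")
    return {
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "process": m.group("proc"),
        "fields": dict(PAIR.findall(m.group("body"))),
    }


def missing_triage_fields(line):
    """Return the triage fields that do not appear in the line, in order."""
    fields = parse_line(line)["fields"]
    return [name for name in TRIAGE_FIELDS if name not in fields]


if __name__ == "__main__":
    rec = parse_line(POSTED_LINE)
    print(rec["fields"]["action"], "by fwrule", rec["fields"]["fwrule"])
    print("missing:", ", ".join(missing_triage_fields(POSTED_LINE)))
```

Without the protocol, ports and TCP flags, the posted line cannot show whether the dropped packets belong to expired sessions, which is the distinction Barry's second point depends on.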