Determining Issues with Mobile Apps not working

I just recently set up the Sophos UTM Home Edition at my house, and left most things as default. I've had to make a few tweaks here and there, but as it stands, I have URL filtering enabled with just a few categories being blocked.

That said, my sister uses an app called Dingtone for text and voice. She is using an iPhone 5S, and does not receive notifications to that app, or the Telegram app if the apps are closed. If she opens the app, then she sees the texts/messages and/or missed calls.

In Application Control I made an exception to everything Apple-related. At first, some notifications came through, but after I went in and closed the app entirely to try again, I'm back to square one. 

What steps should I take to determine this and other similar issues? I've looked at the firewall live log and tried to open ports for an app (WhatsApp) but I've gotten frustrated because it seems like every time I add the recommended and other specific ports as exceptions in the Firewall, these apps show traffic being dropped on totally different UDP ports. :-(

Any suggestions would be appreciated! Thank you!



This thread was automatically locked due to age.
  • David, show us a representative line from the firewall log file. Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.

    Cheers - Bob

  • I guess I'm still learning how to identify the traffic... 

    Here's one example of a Facebook IP being blocked:

    2016:03:16-16:50:48 atl ulogd[8305]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="68:05:ca:3e:fc:bf" srcip="31.13.69.229" dstip="192.168.2.112" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="54590" tcpflags="RST"

    Here's one from an Apple IP:

    2016:03:16-15:39:49 atl ulogd[8305]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="68:05:ca:3e:fc:bf" srcip="17.173.66.136" dstip="192.168.2.112" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="54471" tcpflags="RST"

  • Those both have tcpflags="RST" indicating that the firewall's connection tracker thinks the conversation between the iPhone and the server is over, but the server wasn't sure.  If there wasn't an actual disruption of her connection, then this is just the sloppy side of TCP - normally, just ignore them unless there are other complaints.

    Is there anything about a timeout in the Web Filtering log at those times?

    Cheers - Bob
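
Added example, not part of the thread and not Sophos tooling: a small Python triage of the full firewall log that separates drops carrying tcpflags="RST" (the kind the reply above says can normally be ignored) from the other drops, grouped by destination and port. The function names and the "late-reset"/"investigate" labels are assumptions made for this sketch, and the third sample line is constructed for illustration; the first two are the lines quoted in the thread.

```python
import re
from collections import Counter

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Lines 1-2 are quoted from the thread. Line 3 is CONSTRUCTED for this example
# (203.0.113.10 is a documentation address, port 5000 is arbitrary).
SAMPLE_LOG = """\
2016:03:16-16:50:48 atl ulogd[8305]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="68:05:ca:3e:fc:bf" srcip="31.13.69.229" dstip="192.168.2.112" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="54590" tcpflags="RST"
2016:03:16-15:39:49 atl ulogd[8305]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcmac="68:05:ca:3e:fc:bf" srcip="17.173.66.136" dstip="192.168.2.112" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="54471" tcpflags="RST"
2016:03:16-17:02:11 atl ulogd[8305]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth1" srcip="192.168.2.112" dstip="203.0.113.10" proto="17" length="120" ttl="63" srcport="51000" dstport="5000"
"""

def parse_line(line):
    """Return the key="value" fields of one packetfilter log line as a dict."""
    return dict(FIELD_RE.findall(line))

def classify(fields):
    """Label one parsed line: not-a-drop, late-reset, or investigate."""
    if fields.get("action") != "drop":
        return "not-a-drop"
    flags = fields.get("tcpflags", "").split()
    # proto 6 is TCP; a dropped RST is the case discussed in the reply above.
    if fields.get("proto") == "6" and "RST" in flags:
        return "late-reset"
    return "investigate"

def triage(log_text):
    """Count late resets per (srcip, srcport) and other drops per flow."""
    late, investigate = Counter(), Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        kind = classify(fields)
        if kind == "late-reset":
            late[(fields.get("srcip"), fields.get("srcport"))] += 1
        elif kind == "investigate":
            flow = (fields.get("srcip"), fields.get("dstip"),
                    fields.get("proto"), fields.get("dstport"))
            investigate[flow] += 1
    return late, investigate

if __name__ == "__main__":
    late, investigate = triage(SAMPLE_LOG)
    print("dropped RSTs by server:", dict(late))
    print("drops worth a closer look:", dict(investigate))
```

The flows left in the second group are the ones to compare against the app's documented ports and against the Web Filtering log at the same timestamps.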