HTTPS Traffic Dropped

My UTM install has been running for a little over 3 years. It is currently on Firmware version 9.405-5 and Pattern version 106631. With the last update, it started blocking YouTube and many of the Google apps, like Drive. Logging into Gmail became problematic also. I have not made any changes to the config for several months before this began. 

This is my first post. So, I apologize if I have omitted any needed info. Please let me know what else is needed and I will gladly post it.

Here is an excerpt of the live log of firewall traffic.

Live Log: Firewall
10:41:18 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:18 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:18 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:19 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:21 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:23 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:25 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:25 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:25 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:25 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:27 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:28 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:28 Default DROP UDP 203.192.151.103:64281 -> 216.58.218.14:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:28 Default DROP UDP 203.192.151.103:64281 -> 216.58.218.14:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:28 Default DROP UDP 203.192.151.103:53152 -> 216.58.218.13:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:28 Default DROP UDP 203.192.151.103:64281 -> 216.58.218.14:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:28 Default DROP UDP 203.192.151.103:53152 -> 216.58.218.13:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:28 Default DROP TCP 216.58.218.14:443 -> 96.37.242.30:62634 [ACK FIN] len=52 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:29 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:29 Default DROP UDP 203.192.151.103:53152 -> 216.58.218.13:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:30 Default DROP UDP 203.192.151.103:64281 -> 216.58.218.14:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:30 Default DROP UDP 203.192.151.103:53152 -> 216.58.218.13:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:31 Default DROP UDP 203.192.151.103:64281 -> 216.58.218.14:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:31 Default DROP UDP 203.192.151.103:53152 -> 216.58.218.13:443 len=1378 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:32 Default DROP UDP 203.192.151.103:64281 -> 216.58.218.14:443 len=98 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:32 Default DROP UDP 203.192.151.103:53152 -> 216.58.218.13:443 len=98 ttl=127 tos=0x00 srcmac=44:8a:5b:9a:76:8c dstmac=00:50:56:03:02:0a
10:41:34 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:44 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:44 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:44 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:44 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:46 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b
10:41:48 Default DROP ICMP 216.58.218.14 -> 96.37.242.30 len=576 ttl=54 tos=0x00 srcmac=00:01:5c:65:da:46 dstmac=00:50:56:03:02:0b

What do I need to change to fix this? Thanks, in advance, for your help.



  • Hi, by just looking at your firewall log, I cannot really see what might be wrong. All that gets blocked in these lines is mostly ICMP or UDP traffic. HTTPS is TCP traffic on port 443, and that's not something on this list.

    Do you use Web-protection? Is web-protection still switched on? Can you see any information in web-protection log?


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • Hi,

    Please post http.log.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Here is the web-protection live log:

    Live Log: Web Filtering
    2016:08:13-21:15:04 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.103" dstip="208.95.185.58" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="3928" request="0xddd59e00" url="launcher.startrekonline.com/.../sto_launcher_box_top.png" referer="launcher.startrekonline.com/launcher_login" error="" authtime="0" dnstime="0" cattime="583" avscantime="1157" fullreqtime="653171" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.91 Safari/537.1" exceptions="" category="116" reputation="neutral" categoryname="Games" sandbox="-" content-type="image/png"
    2016:08:13-21:15:04 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.103" dstip="208.95.185.58" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="29340" request="0xe13b1200" url="launcher.startrekonline.com/.../startrek.ttf" referer="launcher.startrekonline.com/launcher_login" error="" authtime="0" dnstime="0" cattime="525" avscantime="1574" fullreqtime="830897" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.91 Safari/537.1" exceptions="" category="116" reputation="neutral" categoryname="Games" sandbox="-" content-type="application/x-font-ttf"
    2016:08:13-21:15:14 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.103" dstip="54.154.54.23" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="286" request="0xdd00fe00" url="api.better-history.com/.../bhrule referer="" error="" authtime="0" dnstime="157719" cattime="97887" avscantime="5131" fullreqtime="510390" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36" exceptions="" category="178" reputation="neutral" categoryname="Internet Services" sandbox="-" content-type="text/plain"
    2016:08:13-21:15:17 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.115" dstip="50.115.126.70" user="" group="" ad_domain="" statuscode="404" cached="0" profile="REF_HttProContaInterNetwo (Zach Sleep)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="39" request="0xe2961600" url="s.optifine.net/.../Fuzzy_Bunny95.cfg" referer="" error="" authtime="0" dnstime="265" cattime="39300" avscantime="2484" fullreqtime="186750" device="0" auth="0" ua="Java/1.8.0_91" exceptions="" category="116" reputation="neutral" categoryname="Games" sandbox="-" content-type="text/html"
    2016:08:13-21:15:17 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.115" dstip="50.115.126.70" user="" group="" ad_domain="" statuscode="404" cached="0" profile="REF_HttProContaInterNetwo (Zach Sleep)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="39" request="0xa560600" url="s.optifine.net/.../Fuzzy_Bunny95.png" referer="" error="" authtime="0" dnstime="269" cattime="39354" avscantime="2627" fullreqtime="187058" device="0" auth="0" ua="Java/1.8.0_91" exceptions="" category="116" reputation="neutral" categoryname="Games" sandbox="-" content-type="text/html"
    2016:08:13-21:15:22 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="203.192.151.115" dstip="52.85.101.127" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (Zach Sleep)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="4089" request="0xde3c6a00" url="https://api.mojang.com/" referer="" error="" authtime="0" dnstime="62211" cattime="206" avscantime="0" fullreqtime="5253079" device="0" auth="0" ua="" exceptions="" category="116" reputation="neutral" categoryname="Games"
    2016:08:13-21:15:27 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="203.192.151.115" dstip="52.85.101.127" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (Zach Sleep)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="5139" request="0xe295fe00" url="sessionserver.mojang.com/" referer="" error="" authtime="0" dnstime="55199" cattime="219" avscantime="0" fullreqtime="9863741" device="0" auth="0" ua="" exceptions="" category="116" reputation="neutral" categoryname="Games"
    2016:08:13-21:15:47 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.217" dstip="23.7.32.29" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x99e8400" url="walter-producer-cdn.api.bbci.co.uk/.../followtopics.json" referer="" error="" authtime="0" dnstime="74575" cattime="34609" avscantime="0" fullreqtime="145555" device="0" auth="0" ua="BBCNews/3.7.1.9 GNL (XT1575; Android 6.0)" exceptions="" category="134" reputation="neutral" categoryname="General News"
    2016:08:13-21:15:47 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.217" dstip="23.7.32.29" user="" group="" ad_domain="" statuscode="304" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="0" request="0x99e7e00" url="walter-producer-cdn.api.bbci.co.uk/.../ads" referer="" error="" authtime="0" dnstime="74488" cattime="34824" avscantime="0" fullreqtime="152812" device="0" auth="0" ua="BBCNews/3.7.1.9 GNL (XT1575; Android 6.0)" exceptions="" category="134" reputation="neutral" categoryname="General News"
    2016:08:13-21:15:47 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.217" dstip="54.231.131.122" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="1406" request="0xa9c5800" url="p3icdn.s3.amazonaws.com/favico.ico" referer="" error="" authtime="0" dnstime="49148" cattime="387" avscantime="1731" fullreqtime="285332" device="0" auth="0" ua="" exceptions="" category="177" reputation="trusted" categoryname="Content Server" sandbox="-" content-type="image/x-icon"
    2016:08:13-21:16:04 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="203.192.151.103" dstip="208.95.185.58" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_DefaultHTTPProfile (Default Web Filter Profile)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="2" request="0xe13b1200" url="launcher.startrekonline.com/launcher_server_status" referer="launcher.startrekonline.com/launcher_login" error="" authtime="0" dnstime="308" cattime="315" avscantime="2187" fullreqtime="59848801" device="0" auth="0" ua="Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.91 Safari/537.1" exceptions="" category="116" reputation="neutral" categoryname="Games" sandbox="-" content-type="application/octet-stream"
    2016:08:13-21:16:23 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="203.192.151.115" dstip="216.58.218.5" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (Zach Sleep)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="482982" request="0xe0a07200" url="https://mail.google.com/" referer="" error="" authtime="0" dnstime="4" cattime="192" avscantime="0" fullreqtime="536034001" device="0" auth="0" ua="" exceptions="" category="156" reputation="trusted" categoryname="Web Mail"
    2016:08:13-21:16:24 constable httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="203.192.151.115" dstip="216.58.218.14" user="" group="" ad_domain="" statuscode="200" cached="0" profile="REF_HttProContaInterNetwo (Zach Sleep)" filteraction="REF_DefaultHTTPCFFAction (Default content filter action)" size="9344" request="0xdca77200" url="safebrowsing.google.com/" referer="" error="" authtime="0" dnstime="2" cattime="89" avscantime="0" fullreqtime="653718101" device="0" auth="0" ua="" exceptions="" category="145" reputation="neutral" categoryname="Search Engines"
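
Added example, not part of the original thread and not Sophos code: a small Python parser for the `key="value"` web filtering log layout quoted in the post above, which tallies how proxied HTTPS (`CONNECT`) requests were handled per host and lists anything that was not passed. The sample lines, the `fw` hostname, the `example.test` hosts, the documentation-range addresses and the blocked record (including its `id`, `name` and `action` values) are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the httpproxy key="value" layout quoted in the post
# above. Fields are trimmed and the last record (a blocked request) is made up.
SAMPLE_LOG = """\
2016:08:13-21:16:23 fw httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.0.2.15" dstip="198.51.100.5" statuscode="200" url="https://mail.google.com/" error="" categoryname="Web Mail"
2016:08:13-21:16:24 fw httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="CONNECT" srcip="192.0.2.15" dstip="198.51.100.14" statuscode="200" url="safebrowsing.google.com/" error="" categoryname="Search Engines"
2016:08:13-21:16:30 fw httpproxy[1245]: id="0001" severity="info" sys="SecureWeb" sub="http" name="http access" action="pass" method="GET" srcip="192.0.2.3" dstip="198.51.100.58" statuscode="200" url="launcher.example.test/status" error="" categoryname="Games"
2016:08:13-21:16:41 fw httpproxy[1245]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="192.0.2.3" dstip="198.51.100.77" statuscode="403" url="https://drive.example.test/" error="" categoryname="Constructed"
this line is not an httpproxy record
"""

# "<timestamp> <hostname> httpproxy[<pid>]: " prefix, then key="value" pairs.
HEADER_RE = re.compile(r'^(\S+) (\S+) httpproxy\[\d+\]: ')
FIELD_RE = re.compile(r'([\w-]+)="([^"]*)"')


def parse_record(line):
    """Return one log line as a dict, or None if it is not an httpproxy line."""
    line = line.strip()
    header = HEADER_RE.match(line)
    if not header:
        return None
    record = dict(FIELD_RE.findall(line))
    record["time"] = header.group(1)
    record["logging_host"] = header.group(2)
    return record


def parse_log(text):
    """Parse every httpproxy line in a block of log text, skipping the rest."""
    return [r for r in map(parse_record, text.splitlines()) if r is not None]


def url_host(url):
    """Host part of the url field, which may or may not carry a scheme."""
    without_scheme = url.split("://", 1)[-1]
    host_port = without_scheme.split("/", 1)[0]
    return host_port.split(":", 1)[0].lower()


def https_summary(records):
    """Count (host, action) pairs for CONNECT requests, i.e. proxied HTTPS."""
    counts = Counter()
    for rec in records:
        if rec.get("method") == "CONNECT":
            counts[(url_host(rec.get("url", "")), rec.get("action", "?"))] += 1
    return counts


def not_passed(records):
    """Records whose action is anything other than "pass"."""
    return [r for r in records if r.get("action") != "pass"]


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for (host, action), n in sorted(https_summary(records).items()):
        print(f"{n:3d}  {action:5s}  {host}")
    for rec in not_passed(records):
        print("NOT PASSED:", rec["time"], rec.get("srcip"), rec.get("url"),
              rec.get("name"))
```

If every `CONNECT` to the affected hosts shows `action="pass"`, as in the excerpt above, the web filter itself is not what is rejecting those requests and the firewall log is the next place to look.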
  • Is that the HTTP Daemon log? If so, here it is. If not, please let me know where to find it.

    2016:08:13-21:15:27 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:25 -0400] "GET / HTTP/1.1" 200 238649
    2016:08:13-21:15:27 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:27 -0400] "GET /core/css/wizard.css HTTP/1.1" 200 863
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:27 -0400] "GET /core/css/default.css HTTP/1.1" 200 688
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/css/elements.css HTTP/1.1" 200 403
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/css/astaro.css HTTP/1.1" 200 834
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/js/core-9.40.min.js HTTP/1.1" 200 198523
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/blank1x1.gif HTTP/1.1" 200 68
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /wfe/asg/js/app-9.40.min.js HTTP/1.1" 200 46476
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /wfe/asg/img/flow_monitor/fm-icon-block.png HTTP/1.1" 200 720
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /wfe/asg/img/flow_monitor/fm-icon-shape.png HTTP/1.1" 200 537
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /blank.html HTTP/1.1" 200 -
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/leftcol_bg.png HTTP/1.1" 200 196
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "POST /webadmin.plx HTTP/1.1" 200 266
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/topbar/topbar_left.png HTTP/1.1" 200 4134
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/topbar/topbar_right.png HTTP/1.1" 200 10674
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /wfe/asg/img/flow_monitor/fm-icon-throttle.png HTTP/1.1" 200 718
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/icons/search.png HTTP/1.1" 200 631
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/topbar/topbar.png HTTP/1.1" 200 396
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "POST /webadmin.plx HTTP/1.1" 200 610
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/topbar/topbar_divider.png HTTP/1.1" 200 84
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/topbar/topbar_help.png HTTP/1.1" 200 1204
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/topbar/topbar_refresh.png HTTP/1.1" 200 1246
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/navbar_bg.png HTTP/1.1" 200 938
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/topbar/throbber_animation.gif HTTP/1.1" 200 2416
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "POST /webadmin.plx HTTP/1.1" 200 748
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/login/bar.png HTTP/1.1" 200 274
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/login/login.png HTTP/1.1" 200 3323
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/login/login_button.png HTTP/1.1" 200 1792
    2016:08:13-21:15:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:28 -0400] "GET /core/img/topbar/throbber_still.gif HTTP/1.1" 200 1117
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:31 -0400] "POST /webadmin.plx HTTP/1.1" 200 102881
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 6558
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 8801
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 3318
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 2992
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 1701
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 4508
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 4722
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 342547
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 3560
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 7604
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 768
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "GET /core/img/topbar/topbar_user.png HTTP/1.1" 200 935
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "GET /core/img/topbar/topbar_livelog.png HTTP/1.1" 200 1167
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 16025
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "GET /blank.html?id=0&rnd=0.6787662778946826 HTTP/1.1" 200 -
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "GET /core/img/panel_top.png HTTP/1.1" 200 234
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 380
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "GET /blank.html?id=1&rnd=0.20216435028578883 HTTP/1.1" 200 -
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "GET /core/img/icons/cancel.png HTTP/1.1" 200 518
    2016:08:13-21:15:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:35 -0400] "POST /webadmin.plx HTTP/1.1" 200 6746
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/db_box_header_center.png HTTP/1.1" 200 140
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/db_box_header_left.png HTTP/1.1" 200 195
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/divider_bg.png HTTP/1.1" 200 211
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/trafficlights/traffic_small_green.png HTTP/1.1" 200 797
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/usage_bar.png HTTP/1.1" 200 121
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/icons/settings.png HTTP/1.1" 200 844
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/system.png HTTP/1.1" 200 620
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/software.png HTTP/1.1" 200 687
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/panel_top_divider.png HTTP/1.1" 200 208
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/settings.png HTTP/1.1" 200 547
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/icons/arrow_link.png HTTP/1.1" 200 470
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /wfe/asg/img/dashboard/disk.png HTTP/1.1" 200 269
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /wfe/asg/img/dashboard/cpu.png HTTP/1.1" 200 572
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/icons/aptp_event_sane.png HTTP/1.1" 200 611
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/date.png HTTP/1.1" 200 234
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /wfe/asg/img/dashboard/ram.png HTTP/1.1" 200 517
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/dashboard/db_box_header_right.png HTTP/1.1" 200 202
    2016:08:13-21:15:36 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:36 -0400] "GET /core/img/trafficlights/traffic_small_red.png HTTP/1.1" 200 813
    2016:08:13-21:15:39 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:39 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:15:41 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:41 -0400] "POST /webadmin.plx HTTP/1.1" 200 6725
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 383
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "GET /blank.html?id=2&rnd=0.3218621422972552 HTTP/1.1" 200 -
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 4650
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "GET /core/img/table_gradient_small.png HTTP/1.1" 200 164
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "GET /core/img/table_gradient.png HTTP/1.1" 200 220
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "GET /core/img/box/widget_left.png HTTP/1.1" 200 217
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "GET /core/img/box/widget_center.png HTTP/1.1" 200 147
    2016:08:13-21:15:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:42 -0400] "GET /core/img/box/widget_right.png HTTP/1.1" 200 198
    2016:08:13-21:15:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:44 -0400] "POST /webadmin.plx HTTP/1.1" 200 391
    2016:08:13-21:15:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:45 -0400] "GET /logwin.html HTTP/1.1" 200 1365
    2016:08:13-21:15:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:45 -0400] "GET /core/js/jquery/jquery.min.js HTTP/1.1" 200 29910
    2016:08:13-21:15:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:45 -0400] "GET /core/img/background.png HTTP/1.1" 200 296
    2016:08:13-21:15:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:45 -0400] "GET /core/img/fieldset/fieldset_center.png HTTP/1.1" 200 147
    2016:08:13-21:15:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:45 -0400] "GET /core/img/icons/reset.png HTTP/1.1" 200 555
    2016:08:13-21:15:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:45 -0400] "POST /webadmin.plx HTTP/1.1" 200 387
    2016:08:13-21:15:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:45 -0400] "GET /core/img/topbar/topbar_user.png HTTP/1.1" 200 935
    2016:08:13-21:15:51 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:46 -0400] "POST /webadmin.plx HTTP/1.1" 200 386
    2016:08:13-21:15:53 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:51 -0400] "POST /webadmin.plx HTTP/1.1" 200 1733
    2016:08:13-21:15:55 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:54 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:15:58 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:15:57 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:01 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:00 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:04 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:03 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:06 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:06 -0400] "POST /webadmin.plx HTTP/1.1" 200 896
    2016:08:13-21:16:09 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:08 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:12 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:11 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:15 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:14 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:18 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:17 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:16:21 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:20 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:24 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:23 -0400] "POST /webadmin.plx HTTP/1.1" 200 772
    2016:08:13-21:16:27 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:26 -0400] "POST /webadmin.plx HTTP/1.1" 200 780
    2016:08:13-21:16:30 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:29 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:32 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:16:35 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:34 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:16:38 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:37 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:41 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:40 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:16:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:43 -0400] "POST /webadmin.plx HTTP/1.1" 200 387
    2016:08:13-21:16:47 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:46 -0400] "POST /webadmin.plx HTTP/1.1" 200 388
    2016:08:13-21:16:50 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:49 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:16:53 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:52 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:16:56 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:55 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:16:59 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:16:58 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:02 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:01 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:04 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:04 -0400] "POST /webadmin.plx HTTP/1.1" 200 897
    2016:08:13-21:17:06 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:06 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:09 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:08 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:12 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:11 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:15 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:14 -0400] "POST /webadmin.plx HTTP/1.1" 200 388
    2016:08:13-21:17:18 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:17 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:20 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:20 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:23 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:22 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:26 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:25 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:28 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:28 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:31 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:30 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:33 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:37 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:36 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:40 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:39 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:44 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:48 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:47 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:17:50 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:50 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:53 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:52 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:56 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:55 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:17:59 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:17:58 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:18:02 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:01 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:18:05 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:04 -0400] "POST /webadmin.plx HTTP/1.1" 200 900
    2016:08:13-21:18:08 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:07 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:18:11 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:10 -0400] "POST /webadmin.plx HTTP/1.1" 200 391
    2016:08:13-21:18:14 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:13 -0400] "POST /webadmin.plx HTTP/1.1" 200 388
    2016:08:13-21:18:17 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:16 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:18:20 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:19 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:18:23 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:22 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:18:26 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:25 -0400] "POST /webadmin.plx HTTP/1.1" 200 390
    2016:08:13-21:18:29 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:28 -0400] "POST /webadmin.plx HTTP/1.1" 200 389
    2016:08:13-21:18:30 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:30 -0400] "POST /webadmin.plx HTTP/1.1" 200 334
    2016:08:13-21:18:33 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:33 -0400] "POST /webadmin.plx HTTP/1.1" 200 391
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /blank.html?id=3&rnd=0.776582299527409 HTTP/1.1" 200 -
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "POST /webadmin.plx HTTP/1.1" 200 334
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "POST /webadmin.plx HTTP/1.1" 200 6758
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/panel_top_divider.png HTTP/1.1" 200 208
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/icons/settings.png HTTP/1.1" 200 844
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/dashboard/system.png HTTP/1.1" 200 620
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/icons/arrow_link.png HTTP/1.1" 200 470
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/dashboard/settings.png HTTP/1.1" 200 547
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /wfe/asg/img/dashboard/cpu.png HTTP/1.1" 200 572
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /wfe/asg/img/dashboard/ram.png HTTP/1.1" 200 517
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/dashboard/software.png HTTP/1.1" 200 687
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/dashboard/date.png HTTP/1.1" 200 234
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /wfe/asg/img/dashboard/disk.png HTTP/1.1" 200 269
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/blank1x1.gif HTTP/1.1" 200 68
    2016:08:13-21:18:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:34 -0400] "GET /core/img/icons/aptp_event_sane.png HTTP/1.1" 200 611
    2016:08:13-21:18:40 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:39 -0400] "POST /webadmin.plx HTTP/1.1" 200 6719
    2016:08:13-21:18:43 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:43 -0400] "POST /webadmin.plx HTTP/1.1" 200 393
    2016:08:13-21:18:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:44 -0400] "GET /logwin.html HTTP/1.1" 200 1365
    2016:08:13-21:18:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:44 -0400] "GET /core/js/jquery/jquery.min.js HTTP/1.1" 200 29910
    2016:08:13-21:18:45 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:45 -0400] "POST /webadmin.plx HTTP/1.1" 200 6709
    2016:08:13-21:18:49 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:45 -0400] "POST /webadmin.plx HTTP/1.1" 200 386
    2016:08:13-21:18:50 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:50 -0400] "POST /webadmin.plx HTTP/1.1" 200 6706
    2016:08:13-21:18:51 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:51 -0400] "POST /webadmin.plx HTTP/1.1" 200 334
    2016:08:13-21:18:54 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:53 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:18:55 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:18:55 -0400] "POST /webadmin.plx HTTP/1.1" 200 6710
    2016:08:13-21:19:01 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:00 -0400] "POST /webadmin.plx HTTP/1.1" 200 6706
    2016:08:13-21:19:06 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:06 -0400] "POST /webadmin.plx HTTP/1.1" 200 6705
    2016:08:13-21:19:11 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:11 -0400] "POST /webadmin.plx HTTP/1.1" 200 6721
    2016:08:13-21:19:17 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:16 -0400] "POST /webadmin.plx HTTP/1.1" 200 6711
    2016:08:13-21:19:22 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:22 -0400] "POST /webadmin.plx HTTP/1.1" 200 6712
    2016:08:13-21:19:22 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:22 -0400] "POST /webadmin.plx HTTP/1.1" 200 380
    2016:08:13-21:19:22 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:22 -0400] "GET /blank.html?id=4&rnd=0.39143876896254715 HTTP/1.1" 200 -
    2016:08:13-21:19:22 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:22 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:19:22 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:22 -0400] "POST /webadmin.plx HTTP/1.1" 200 901
    2016:08:13-21:19:23 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:22 -0400] "POST /webadmin.plx HTTP/1.1" 200 5063
    2016:08:13-21:19:23 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:23 -0400] "GET /core/img/fieldset/fieldset_left.png HTTP/1.1" 200 217
    2016:08:13-21:19:23 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:23 -0400] "GET /core/img/fieldset/fieldset_right.png HTTP/1.1" 200 198
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "POST /webadmin.plx HTTP/1.1" 200 379
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "GET /blank.html?id=5&rnd=0.03742033049617599 HTTP/1.1" 200 -
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "POST /webadmin.plx HTTP/1.1" 200 1562
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "POST /webadmin.plx HTTP/1.1" 200 381
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "GET /core/img/tabs/tab_inactive_left_corner.png HTTP/1.1" 200 195
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "GET /core/img/tabs/tab_inactive.png HTTP/1.1" 200 140
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "GET /core/img/tabs/tab_inactive_right_corner.png HTTP/1.1" 200 202
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "GET /core/img/tabs/tab_selected.png HTTP/1.1" 200 216
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "GET /core/img/tabs/tab_selected_left_corner.png HTTP/1.1" 200 266
    2016:08:13-21:19:32 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "GET /core/img/tabs/tab_selected_right_corner.png HTTP/1.1" 200 276
    2016:08:13-21:19:34 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:32 -0400] "POST /webadmin.plx HTTP/1.1" 200 20386
    2016:08:13-21:19:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 383
    2016:08:13-21:19:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:42 -0400] "GET /blank.html?id=6&rnd=0.31953148728637304 HTTP/1.1" 200 -
    2016:08:13-21:19:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:19:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 1478
    2016:08:13-21:19:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 385
    2016:08:13-21:19:42 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:42 -0400] "POST /webadmin.plx HTTP/1.1" 200 1399
    2016:08:13-21:19:43 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:43 -0400] "POST /webadmin.plx HTTP/1.1" 200 384
    2016:08:13-21:19:43 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:43 -0400] "GET /blank.html?id=7&rnd=0.8143595786744848 HTTP/1.1" 200 -
    2016:08:13-21:19:43 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:43 -0400] "POST /webadmin.plx HTTP/1.1" 200 335
    2016:08:13-21:19:43 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:43 -0400] "POST /webadmin.plx HTTP/1.1" 200 1720
    2016:08:13-21:19:43 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:43 -0400] "POST /webadmin.plx HTTP/1.1" 200 381
    2016:08:13-21:19:43 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:43 -0400] "POST /webadmin.plx HTTP/1.1" 200 919
    2016:08:13-21:19:43 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:43 -0400] "GET /wfe/asg/js/dynamic_includes/_reportconfig_web.min.js?rnd=0.2877398576972161 HTTP/1.1" 200 2450
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:43 -0400] "POST /webadmin.plx HTTP/1.1" 200 2531
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/divider.png HTTP/1.1" 200 77
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/home.png HTTP/1.1" 200 612
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/lightgreen_arrow_left.png HTTP/1.1" 200 685
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/cancel.png HTTP/1.1" 200 518
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/download.png HTTP/1.1" 200 631
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/download_pdf.png HTTP/1.1" 200 566
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/lightgreen_arrow_right.png HTTP/1.1" 200 745
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/blank16x16.gif HTTP/1.1" 200 80
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/dashboard/arrow_down.png HTTP/1.1" 200 101
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/download_csv.png HTTP/1.1" 200 664
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/plus.png HTTP/1.1" 200 523
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/send.png HTTP/1.1" 200 406
    2016:08:13-21:19:44 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:19:44 -0400] "GET /core/img/icons/pie_chart.png HTTP/1.1" 200 919
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "POST /webadmin.plx HTTP/1.1" 200 380
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "GET /blank.html?id=8&rnd=0.22934053600031712 HTTP/1.1" 200 -
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "POST /webadmin.plx HTTP/1.1" 200 1554
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "GET /core/img/trafficlights/traffic_small_green.png HTTP/1.1" 200 797
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "GET /core/img/trafficlights/traffic_small_red.png HTTP/1.1" 200 813
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "POST /webadmin.plx HTTP/1.1" 200 380
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "POST /webadmin.plx HTTP/1.1" 200 2957
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "GET /core/img/status_slider/slider_on.png HTTP/1.1" 200 433
    2016:08:13-21:20:00 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:00 -0400] "GET /core/img/icons/check.png HTTP/1.1" 200 415
    2016:08:13-21:20:09 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:09 -0400] "GET /blank.html?id=9&rnd=0.8557078531982647 HTTP/1.1" 200 -
    2016:08:13-21:20:09 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:09 -0400] "POST /webadmin.plx HTTP/1.1" 200 381
    2016:08:13-21:20:09 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:09 -0400] "POST /webadmin.plx HTTP/1.1" 200 333
    2016:08:13-21:20:09 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:09 -0400] "POST /webadmin.plx HTTP/1.1" 200 1408
    2016:08:13-21:20:09 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:09 -0400] "POST /webadmin.plx HTTP/1.1" 200 384
    2016:08:13-21:20:10 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:09 -0400] "POST /webadmin.plx HTTP/1.1" 200 12893
    2016:08:13-21:20:10 constable httpd: 203.192.151.103 - - [13/Aug/2016:21:20:10 -0400] "GET /core/img/box/widget_center.png HTTP/1.1" 200 147
  • Hi Michael,

    Did you configure UDP 443 to drop through a firewall rule or any Anti-DoS configurations for UDP packets?

    The HTTP log does not show any traffic drops.

    Also, try restarting httpproxy: SSH to the UTM, log in as root, and execute: /var/mdw/scripts/httpproxy restart

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • On the firewall, I have only added rules to allow traffic to pass (on specific ports, to specific sites), no rules to drop traffic.

    On Anti-DoS/Flooding and Anti-Portscan, all are enabled; I have not changed the Attack Patterns at all.

    Their settings are:

    TCP Mode: Source and Destination Address

    TCP Logging: Limited

    TCP Source Rate: 100

    TCP Dest Rate: 200

    UDP Mode: Source and Destination Address

    UDP Logging: Limited

    UDP Source Rate: 200

    UDP Dest Rate: 300

    ICMP Mode: Source and Destination Address

    ICMP Logging: Limited

    ICMP Source Rate: 10

    ICMP Dest Rate: 20

    Anti-Portscan Action: Drop Traffic

    Anti-Portscan Limit Logging enabled

    I just did the httpproxy restart you listed. YouTube now works! I will test it for a day or two, and then if it is still working, I will mark this issue as resolved. The reason I want to wait is that it would occasionally work for short periods of time (an hour or two) while I was having this issue. Thank you for your help.

  • Well, that did not last long. I just closed my browser (Chrome) and reopened it a few minutes later, and tried YouTube, and this again:

    This site can’t be reached

    The connection was reset.

    Try:

    ERR_CONNECTION_RESET
  • I have also been running the Sophos UTM 9 for the last 3 years or so with no issues. However, after the latest firmware update, I am getting really, really weird packet drops from the firewall. For example, I cannot connect to hangouts.google.com at all through the Sophos anymore, nor to many other legitimate sites. When I use a private VPN service or bypass the Sophos, there are no problems at all accessing sites. There have been no configuration changes on my end other than applying the firmware update.

    For example, here is when I am trying to access Google Hangouts and it's showing DNS requests being dropped... Huh? I've removed all Firewall rules except for Internal Network Any for Any Service to Any Destination.

    2016:08:14-11:24:29 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="6" length="52" tos="0x00" prec="0x00" ttl="53" srcport="80" dstport="50583" tcpflags="ACK FIN"
    2016:08:14-11:24:39 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="6" length="52" tos="0x00" prec="0x00" ttl="53" srcport="80" dstport="50583" tcpflags="ACK FIN"
    2016:08:14-11:24:49 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="6" length="52" tos="0x00" prec="0x00" ttl="53" srcport="80" dstport="50583" tcpflags="ACK FIN"
    2016:08:14-11:24:53 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="14.176.196.4" dstip="XX.XX.XXX.XX" proto="6" length="44" tos="0x00" prec="0x00" ttl="43" srcport="56458" dstport="23" tcpflags="SYN"
    2016:08:14-11:25:35 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="6" length="52" tos="0x00" prec="0x00" ttl="53" srcport="443" dstport="50599" tcpflags="ACK FIN"
    2016:08:14-11:25:51 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="105.157.138.161" dstip="XX.XX.XXX.XX" proto="6" length="44" tos="0x00" prec="0x00" ttl="42" srcport="36007" dstport="23" tcpflags="SYN"
    2016:08:14-11:25:55 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="218.22.115.165" dstip="XX.XX.XXX.XX" proto="6" length="40" tos="0x00" prec="0x00" ttl="97" srcport="6000" dstport="1433" tcpflags="SYN"
    2016:08:14-11:27:01 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="1" length="576" tos="0x00" prec="0x00" ttl="53" type="11" code="1"
    2016:08:14-11:27:01 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="1" length="576" tos="0x00" prec="0x00" ttl="53" type="11" code="1"
    2016:08:14-11:27:01 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="1" length="576" tos="0x00" prec="0x00" ttl="53" type="11" code="1"
    2016:08:14-11:27:01 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="1" length="576" tos="0x00" prec="0x00" ttl="53" type="11" code="1"
    2016:08:14-11:27:01 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="1" length="576" tos="0x00" prec="0x00" ttl="53" type="11" code="1"
    2016:08:14-11:27:02 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="1" length="576" tos="0x00" prec="0x00" ttl="53" type="11" code="1"
    2016:08:14-11:27:03 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="1" length="576" tos="0x00" prec="0x00" ttl="53" type="11" code="1"
    2016:08:14-11:27:05 thor ulogd[4536]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:01:5c:71:c4:46" dstmac="80:ee:73:83:6a:d8" srcip="216.58.216.78" dstip="XX.XX.XXX.XX" proto="1" length="576" tos="0x00" prec="0x00" ttl="53" type="11" code="1"

  • Are you all having trouble after updating to 9.405-5? If so, you might be affected by the changes in how UTM deals with MTU DHCP messages from your provider.

    See this thread for a little more info on it.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • The change to the MTU settings was the cause.

    Once I removed the auto-inherent MTU from my Internet Provider and set it manually to 1500, the issue went away. 

    Thanks apijnappels!
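
Added example, not part of any post in this thread: a triage of packet-filter drop lines in the format quoted above, separating the ICMP type 11 code 1 drops (fragment reassembly time exceeded, RFC 792, the kind that points at an MTU or fragmentation problem) from unsolicited inbound SYNs and late FIN/RST packets from web servers. It goes beyond the thread by also recognising ICMP type 3 code 4 (fragmentation needed); the sample lines are constructed, and the hostname, addresses and category labels are assumptions.

```python
import re
from collections import Counter, defaultdict

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
WEB_PORTS = {"80", "443"}
# Hypothetical labels for drops that relate to fragmentation / path MTU.
MTU_SIGNALS = {"icmp-frag-reassembly-timeout", "icmp-frag-needed"}


def _line(ts, fields):
    # Builds one constructed line in the packetfilter format quoted in the thread.
    return (f'2016:08:14-{ts} fw ulogd[1000]: id="2001" sub="packetfilter" '
            f'name="Packet dropped" action="drop" fwrule="60001" {fields}')


# Constructed sample; IPs are from the RFC 5737 documentation ranges.
SAMPLE_LOG = "\n".join([
    _line("11:24:29", 'srcip="192.0.2.78" proto="6" length="52" srcport="80" dstport="50583" tcpflags="ACK FIN"'),
    _line("11:24:53", 'srcip="198.51.100.4" proto="6" length="44" srcport="56458" dstport="23" tcpflags="SYN"'),
    _line("11:25:35", 'srcip="192.0.2.78" proto="6" length="52" srcport="443" dstport="50599" tcpflags="ACK FIN"'),
    _line("11:25:55", 'srcip="198.51.100.165" proto="6" length="40" srcport="6000" dstport="1433" tcpflags="SYN"'),
    _line("11:27:01", 'srcip="192.0.2.78" proto="1" length="576" type="11" code="1"'),
    _line("11:27:02", 'srcip="192.0.2.78" proto="1" length="576" type="11" code="1"'),
    _line("11:27:09", 'srcip="192.0.2.90" proto="1" length="56" type="3" code="4"'),
    '2016:08:13-21:16:18 fw httpd: 203.0.113.7 - - "POST /webadmin.plx HTTP/1.1" 200 390',
])


def parse_line(line):
    """Return the key="value" fields of a packetfilter drop line, else None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("sub") != "packetfilter" or fields.get("action") != "drop":
        return None
    return fields


def classify(f):
    """Map one parsed drop to a coarse triage label."""
    proto = f.get("proto")
    if proto == "1":  # ICMP
        icmp = (f.get("type"), f.get("code"))
        if icmp == ("11", "1"):   # Time Exceeded: fragment reassembly timeout
            return "icmp-frag-reassembly-timeout"
        if icmp == ("3", "4"):    # Destination Unreachable: fragmentation needed
            return "icmp-frag-needed"
        return "icmp-other"
    if proto == "6":  # TCP
        flags = set(f.get("tcpflags", "").split())
        if flags == {"SYN"}:
            # New inbound connection attempt nobody asked for (background scanning).
            return "unsolicited-syn"
        if flags & {"FIN", "RST"} and f.get("srcport") in WEB_PORTS:
            # Typically the tail of a web session the firewall no longer tracks.
            return "late-web-teardown"
        return "tcp-other"
    return "other"


def triage(log_text):
    """Return (overall label counts, per-source label counts)."""
    counts, by_src = Counter(), defaultdict(Counter)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue  # not a packet-filter drop (e.g. an httpd access line)
        label = classify(f)
        counts[label] += 1
        by_src[f.get("srcip", "?")][label] += 1
    return counts, by_src


def mtu_suspects(log_text):
    """Sorted source IPs whose dropped packets include fragmentation-related ICMP."""
    _, by_src = triage(log_text)
    return sorted(src for src, seen in by_src.items() if MTU_SIGNALS & set(seen))


if __name__ == "__main__":
    totals, _ = triage(SAMPLE_LOG)
    for label, n in totals.most_common():
        print(f"{n:3d}  {label}")
    print("check MTU towards:", ", ".join(mtu_suspects(SAMPLE_LOG)))
```

A source that shows both fragmentation-related ICMP and dropped web teardown packets is the one to test with a manually set interface MTU, as in the resolution above.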
