Rule problem

Hi all, new to the UTM world.

I have an issue with an app I have on a phone: it seems that when transparent web filtering is on, it can't connect to its server.

I have added an exception in the web filter for its URL, despite it not being set to block anything. However, I see a lot of dropped packets in the firewall. I put in a rule,

Internal Network > Any > Any allow, but it still doesn't want to work with web filtering turned on.

Here are the logs if anyone could point me in the right direction, it would be most appreciated.

2016:10:13-23:03:10 crankyutm ulogd[20299]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="192.168.2.18" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="34611" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2016:10:13-23:03:11 crankyutm ulogd[20299]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet logged" action="log" fwrule="0" srcip="192.168.2.18" dstip="8.8.8.8" proto="17" length="45" tos="0x00" prec="0x00" ttl="64" srcport="6089" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2016:10:13-23:03:15 crankyutm ulogd[20299]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:1d:aa:a3:bf:70" dstmac="00:1a:8c:14:15:4d" srcip="54.247.164.93" dstip="192.168.2.18" proto="6" length="40" tos="0x00" prec="0x00" ttl="254" srcport="80" dstport="40925" tcpflags="RST" 
2016:10:13-23:03:15 crankyutm ulogd[20299]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:1d:aa:a3:bf:70" dstmac="00:1a:8c:14:15:4d" srcip="54.247.164.93" dstip="192.168.2.18" proto="6" length="40" tos="0x00" prec="0x00" ttl="254" srcport="80" dstport="40959" tcpflags="RST" 


  • Hi Chris,

    2016:10:13-23:03:15 crankyutm ulogd[20299]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001"
    initf="eth1" srcmac="00:1d:aa:a3:bf:70" dstmac="00:1a:8c:14:15:4d" srcip="54.247.164.93" dstip="192.168.2.18" proto="6" length="40" tos="0x00" prec="0x00" ttl="254" srcport="80" dstport="40925" tcpflags="RST"

    Those are drops for the incoming packets on UTM; refer to this for further information.

    Please post afc.log and http.log when you try to run the application. What is the application name? Also, show us the configured exception policy and a picture of application protection.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • The first two lines indicate that your app is sending bad DNS requests.  The second two lines are RST packets and indicate no problem - the connection tracker believes the conversation with the web server had concluded.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
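
The two readings given in the replies above (short DNS packets logged by nf_ct_dns, and RST packets dropped by fwrule 60001 after the connection tracker considers the conversation finished) can be applied to a whole packetfilter log at once. This is an added example, not code from the thread or from Sophos; the function names and labels are hypothetical, and the sample lines are shortened copies of the ones posted above.

```python
import re
from collections import Counter

# Constructed sample: shortened copies of the log lines posted in this thread.
SAMPLE = '''\
2016:10:13-23:03:10 crankyutm ulogd[20299]: id="2000" sub="packetfilter" action="log" fwrule="0" srcip="192.168.2.18" dstip="8.8.8.8" proto="17" length="45" srcport="34611" dstport="53" info="nf_ct_dns: dropping packet: DNS packet of insuffient length: 25
2016:10:13-23:03:15 crankyutm ulogd[20299]: id="2001" sub="packetfilter" action="drop" fwrule="60001" initf="eth1" srcip="54.247.164.93" dstip="192.168.2.18" proto="6" length="40" srcport="80" dstport="40925" tcpflags="RST"
2016:10:13-23:03:15 crankyutm ulogd[20299]: id="2001" sub="packetfilter" action="drop" fwrule="60001" initf="eth1" srcip="54.247.164.93" dstip="192.168.2.18" proto="6" length="40" srcport="80" dstport="40959" tcpflags="RST"
'''

# key="value"; the closing quote is optional because the info= field in the
# posted lines is cut off before it.
FIELD = re.compile(r'(\w+)="([^"]*)(?:"|$)')

def parse(line):
    """Return the key="value" fields of one packetfilter log line as a dict."""
    return dict(FIELD.findall(line.strip()))

def classify(f):
    """Label a parsed line using the two readings given in the replies."""
    if "nf_ct_dns" in f.get("info", ""):
        return "malformed-dns-from-client"
    if f.get("action") == "drop" and f.get("proto") == "6" and f.get("tcpflags") == "RST":
        return "late-rst-after-close"
    if f.get("action") == "drop":
        return "other-drop"  # not explained in the thread: needs a closer look
    return "other"

def triage(text):
    """Count lines per (label, srcip, dstip) so repeated noise collapses."""
    counts = Counter()
    for line in text.splitlines():
        f = parse(line)
        if f.get("sub") == "packetfilter":
            counts[(classify(f), f.get("srcip"), f.get("dstip"))] += 1
    return counts

if __name__ == "__main__":
    for (label, src, dst), n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {label:26s} {src} -> {dst}")
```

Anything that ends up under `other-drop` is what remains to investigate once the DNS and RST noise has been grouped away.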