Command line 'netstat' not showing complete results unless transparent proxy is turned on for https.

I am running UTM firmware version 9.407-3 and have three vlans (2, 3, and 4) defined on the local interface eth0. On vlan 3 I have a hub that communicates with a cloud service via https. If transparent proxy is turned on for https, the connection clearly shows up as established using "netstat -an" from the command line. The IP address of the hub in question is 192.168.3.113. If I turn off transparent proxy for https and restart the UTM, netstat will not report a connection at all from 192.168.3.113, although I know that it must be there since the functionality that the hub provides continues to work with transparent proxy turned off for https. It is as if the connection is stealth. What am I missing? Are there other commands that will show the established connection and/or the NATing associated with this device? As an aside, I am using vlans to isolate IoT devices and a guest network.

thanks and thank you for UTM,

Richard



This thread was automatically locked due to age.
  • Hi, Richard, and welcome to the UTM Community!

    I'm having trouble visualizing your issue, so let me say it in my words and see if that's what you're describing.

    You have VLAN 3, 4 & 5 defined on eth0.  VLAN 3 is 192.168.3.1/24.  In VLAN 3 is a device at 192.168.3.113 that communicates with a service in the Cloud using HTTPS.

    When the HTTPS traffic is handled by the Transparent HTTP/S Proxy, you can see a connection with netstat.  When the traffic is simply allowed with a firewall rule, netstat doesn't show a connection, but the device does connect to the Cloud service.

    Maybe there's no persistent connection established with the firewall rule and it's the connection tracker that manages the connection with the cloud service.

    I don't know the internals that well.  Hopefully, Sachin or another Sophos person will see your question and ask one of their developers.

    I'm not sure what else to recommend - what problem led you to try using netstat?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
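
An added example, not part of the original thread: netstat lists only sockets that terminate on the firewall itself (which is why the proxied connection appears), while forwarded and NATed flows are held in the kernel's connection-tracking table. The sketch below filters that table by source address and shows the NAT mapping; it assumes the standard Linux `/proc/net/nf_conntrack` line layout is available from the UTM shell (not confirmed on the page), and the sample lines and the helper name `flows_from` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/net/nf_conntrack layout (documentation
# addresses, not output captured from a real UTM).
SAMPLE='ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.3.113 dst=203.0.113.10 sport=51514 dport=443 src=203.0.113.10 dst=198.51.100.2 sport=443 dport=51514 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 117 TIME_WAIT src=192.168.3.20 dst=203.0.113.10 sport=40222 dport=443 src=203.0.113.10 dst=198.51.100.2 sport=443 dport=40222 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.168.3.113 dst=192.168.3.1 sport=5353 dport=53 src=192.168.3.1 dst=192.168.3.113 sport=53 dport=5353 mark=0 use=2'

# flows_from IP (hypothetical helper): read conntrack lines on stdin and
# print one summary line per flow whose ORIGINAL-direction source is IP.
flows_from() {
    awk -v ip="$1" '
    {
        split("", seen); split("", t); state = "-"   # reset per line
        for (i = 1; i <= NF; i++) {
            # TCP state is a bare upper-case word; UDP entries have none.
            if ($i ~ /^[A-Z_]+$/) state = $i
            # Each key appears twice: 1st = original tuple, 2nd = reply tuple.
            if ($i ~ /^(src|dst|sport|dport)=/) {
                split($i, kv, "=")
                seen[kv[1]]++
                t[kv[1], seen[kv[1]]] = kv[2]
            }
        }
        if (t["src", 1] != ip) next
        # Replies addressed to something other than the client mean the
        # flow was source-NATed; that reply destination is the NAT address.
        nat = (t["dst", 2] == t["src", 1]) ? "none" : (t["dst", 2] ":" t["dport", 2])
        printf "%s %s %s:%s -> %s:%s nat=%s\n", $3, state,
            t["src", 1], t["sport", 1], t["dst", 1], t["dport", 1], nat
    }'
}

# Demo on the constructed sample. On a live system, as root:
#   flows_from 192.168.3.113 < /proc/net/nf_conntrack
printf '%s\n' "$SAMPLE" | flows_from 192.168.3.113
```
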