Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 4 subscribers
  • Views 6966 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Drop connection question

AreshAreshi

Hi Guy's,

Since last week I see lots of drop connections on port tcp 5294, we dont use this port at all and that is why UTM drop them, I would like to know if this drop connection will have any effect on our device? I mean becaus I see 2 or 3 drop connections per second, would this impact our device in anyway? or I shouldn't give any attention to it?

 

2017:05:06-00:04:11 securitysrv1-2 ulogd[18643]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="54:e0:38:86:76:9a" dstmac="00:2a:8c:f0:1f:a0" srcip="178.XX.XX.163" dstip="62.XX.XX.184" proto="6" length="60" tos="0x00" prec="0x00" ttl="54" srcport="51326" dstport="5294" tcpflags="SYN"

 

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi Aresh,

    Why did my packet match rule 60001? Check, Packetfilter logfiles on the Sophos UTM. Any help?

    I think you have a customized rule to forward specific services through the UTM, which causes 5294 port dropped through the UTM.

    Cheers-

    Sachin Gurung
    Team Lead | Sophos Technical Support
    Knowledge Base  |  @SophosSupport  |  Video tutorials
    Remember to like a post.  If a post (on a question thread) solves your question use the 'This helped me' link.

  • 0 in reply to sachingurung

    Hi sachingurung,

    Thanks as always for your replay,

    Right now we know why the packages are droping, the reson for it is that port 5294 is not forwarded on the UTM to any device on LAN that is why UTM drop them.

    Mmy question is, does the 100,000 dropted packages in 24 hours will have negative impact on the performance of our SG310 device? we will correct this issue of droping packages but it will take sometimes to contact the source IP to correct the indexing program on thier end.

     

    Thanks

  • 0 in reply to AreshAreshi

    AreshAreshi said:

    Mmy question is, does the 100,000 dropted packages in 24 hours will have negative impact on the performance of our SG310 device?

    100,000 dropped packages in 24h aren't that much as decreasing your performance in a noticably way on a SG310, I think.

    Of course it depends what else workloads the device has to compute. Maybe you could calculate the cpu cycles in theory but in practice I think this didn't count.

    ASAP correct the issue but till then there should be no problem.

    Best

    Alex

    -

Reply
  • 0 in reply to AreshAreshi

    AreshAreshi said:

    Mmy question is, does the 100,000 dropted packages in 24 hours will have negative impact on the performance of our SG310 device?

    100,000 dropped packages in 24h aren't that much as decreasing your performance in a noticably way on a SG310, I think.

    Of course it depends what else workloads the device has to compute. Maybe you could calculate the cpu cycles in theory but in practice I think this didn't count.

    ASAP correct the issue but till then there should be no problem.

    Best

    Alex

    -

Children
No Data
Unfiltered HTML