Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2972 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Tracking packets through the firewall?

BrianRobison
Hi all.  I'm still working on the VPN to a vendor-hosted server in Rackspace.  Their server is attempting to do TFTP writes to 5 timeclocks, and one is failing.  I have Wireshark captures from the Internal interface of the firewall, and they show the TFTP write traffic coming from the server, the ACKs from the timeclock, and the timeouts coming back from the server.  Given that the same policies are covering all 5 time clocks, the problem has to be on their end, but is there any way to conclusively debug the path the packet takes through the firewall, on its way out the VPN?
TIA,
Brian


This thread was automatically locked due to age.
Parents
  • 0
    Brian, you can get the REF_ of the IPsec connection with

    cc get IPsec connections


    In my case, out of several, I wanted REF_IpsSitUtmInAws, so I ran the following command:

    espdump -n --conn REF_IpsSitUtmInAws -vv


    Does that give you what you need?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Brian, you can get the REF_ of the IPsec connection with

    cc get IPsec connections


    In my case, out of several, I wanted REF_IpsSitUtmInAws, so I ran the following command:

    espdump -n --conn REF_IpsSitUtmInAws -vv


    Does that give you what you need?

    Cheers - Bob


    Thanks!  I'll look into it.
Reply
  • 0 in reply to BAlfson
    Brian, you can get the REF_ of the IPsec connection with

    cc get IPsec connections


    In my case, out of several, I wanted REF_IpsSitUtmInAws, so I ran the following command:

    espdump -n --conn REF_IpsSitUtmInAws -vv


    Does that give you what you need?

    Cheers - Bob


    Thanks!  I'll look into it.
Children
No Data
Unfiltered HTML