Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 18089 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Google playstore

newage
Unable to access google playstore from any android devices behind sophos.
playstore store shows "no connection Retry"
internet accessible.
IPS off
Web filtering on with HTTPS scanning enabled


when https scanning is disabled in profiles mode its loading without any issues
the firewall is configured in Active directory with transparent mode and browser authentication.


This thread was automatically locked due to age.
Parents
  • 0
    There are only two lines that are interesting.

    2013:06:18-18:15:38 SMBfirewall ulogd[4379]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="20:64:32:33:51:8c" dstmac="80:c1:6e:f6:a4:9d" srcip="192.168.1.147" dstip="74.125.141.188" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="50137" dstport="5228" tcpflags="SYN"

    60002 is the default drop rule for traffic passing through the firewall.  Apparently, you need to allow {1:65535->5228} for traffic from "Internal (Network)" to 74.125.141.188 or some subnet that includes that IP.

    2013:06:18-18:38:09 SMBfirewall ulogd[4379]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcmac="0:13:80:40:cd:80" dstmac="c8[:D]3:a3:85[:D]:98" srcip="89.133.149.253" dstip="220.225.194.187" proto="6" length="48" tos="0x00" prec="0x00" ttl="112" srcport="3035" dstport="3389" tcpflags="SYN" 

    60001 is the default drop rule for traffic with a dstip on your UTM.  If you have a DNAT to allow remote RDP access to an internal device, then the destination in the traffic selector needs to be changed to the "External (Address)" object created by WebAdmin when the External interface was defined.

    Cheers - Bob
  • 0 in reply to BAlfson
    i created a rule to allow port 5228 from internal port 1:65535 to destination any
    still no help
Reply Children
No Data