This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM communcating via SNMP - blocked by firewall

Hi everyone,

my Sophos UTM tries to contact the Sophos AP30 via UDP 161 - SNMP protocol
But without having any rules specified in Firewall tab, following log entries are shown in the Firewall log:

For your understanding:
10.10.1.0/24 is my hotspot WiFi
10.10.1.1 is the Sophos UTM NIC
10.10.1.3 is an unknown IP adress and NOT listed in any dhcp Servers

10.250.1.0/24 is my internal Sophos LAN
10.250.1.2 is the Sophos UTM NIC

10.0.0.0/? or IP 10.0.0.15 is completely unknown for me.
but: the Destination mac 0:1a:8c:a:8c:0 is the AP30


11:37:18 Standard-VERWERFEN UDP   
10.10.1.3 : 55223 
 → 
10.0.0.15 : 161 
   
len=74 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:20 Standard-VERWERFEN UDP   
10.10.1.3 : 55224 
 → 
10.0.0.15 : 161 
   
len=74 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:20 Standard-VERWERFEN UDP   
10.10.1.3 : 52171 
 → 
10.0.0.15 : 161 
   
len=105 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:22 Standard-VERWERFEN UDP   
10.10.1.3 : 55225 
 → 
10.0.0.15 : 161 
   
len=500 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:25 Standard-VERWERFEN UDP   
10.10.1.3 : 55226 
 → 
10.0.0.15 : 161 
   
len=500 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:27 Standard-VERWERFEN UDP   
10.10.1.2 : 58630 
 → 
10.0.0.15 : 161 
   
len=105 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:27 Standard-VERWERFEN UDP   
10.10.1.3 : 55227 
 → 
10.0.0.15 : 161 
   
len=76 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:31 Standard-VERWERFEN UDP   
10.10.1.3 : 52171 
 → 
10.0.0.15 : 161 
   
len=105 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:36 Standard-VERWERFEN UDP   
10.10.1.2 : 49975 
 → 
10.0.0.15 : 161 
   
len=76 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:36 Standard-VERWERFEN UDP   
10.10.1.2 : 58630 
 → 
10.0.0.15 : 161 
   
len=105 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0 
 



11:37:47 Standard-VERWERFEN UDP   
10.10.1.2 : 58630 
 → 
10.0.0.15 : 161 
   
len=105 ttl=127 tos=0x00 srcmac=fc:f8:ae:cd:6c:b6 dstmac=0:1a:8c:a:8c:0

UTM Firmware Version: 9.205-12

This thread was automatically locked due to age.

Parents

0 BAlfson over 10 years ago

DK, please edit your post and replace the lines from the Live Log with the corresponding lines from the firewall log file.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 10 years ago

DK, please edit your post and replace the lines from the Live Log with the corresponding lines from the firewall log file.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 RFCat_vk_01 over 10 years ago in reply to BAlfson

Hi,
depends on what is between the AP30 and the UTM?
Also if the AP30 is correctly configured you don't need any firewall rules.

So, please post screen shots of your wireless security setup.

Ian,
Cancel
Vote Up 0 Vote Down

Cancel