This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network Dropping

Hey guys,

I have a small issue that I cannot seem to work out on the Cyberoam.

Its a simple config with a DHCP set up and in the same subnet a second gateway for a dedicated service. Then I have a couple of static routes to send that traffic over that IP. That IP is a Juniper Router supplied via our supplier to access their network.

On the LAN we use a small Emulator program that connects to their IP ranges on Port 23.

We are getting random time outs and disconnects on this software. If I plug direct into the Juniper its find but when back via the CR its getting the drops. Using a PING the network is not dropping so the CR is somehow dropping the connection on port 23

I have a CR15iNG - 10.6.5 MR-1

Is there some kind of "keep alive" for a certain Port / protocol etc?

no web filters, IPS, App filters are configured and the FW rule is pretty much allow everything.

Any suggestions where to look next?

This thread was automatically locked due to age.

Parents

0 M8ey over 4 years ago

Hmm  Seems the CR is dropping it as Invalid Traffic....



2019-06-12 13:05:50 0102021 IP 192.168.12.64.50391 > 10.112.230.6.23 : proto TCP: R 2619851577:26198
51577(0) checksum : 45513                                                                           
0x0000:  4500 0028 5530 4000 8006 e840 c0a8 0c40  E..(U0@....@...@                                  
0x0010:  0a70 e606 c4d7 0017 9c27 c339 189d 03bb  .p.......'.9....                                  
0x0020:  5014 0000 b1c9 0000 0000 0000 0000       P.............                                    
Date=2019-06-12 Time=13:05:50 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_sub
type=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=PortA.10 out_dev= inzone_id=0 outz
one_id=0 source_mac=8c:dc:d4:51:75:de dest_mac=00:0d:48:48:75:ab l3_protocol=IP source_ip=192.168.12
.64 dest_ip=10.112.230.6 l4_protocol=TCP source_port=50391 dest_port=23 fw_rule_id=0 live_userid=0 u
serid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 icap_id=0 app_filter_id=0 app_category_id=0 a
pp_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark
=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid
=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_s
rc_port=N/A tran_dst_ip=N/A tran_dst_port=N/A 

The strange part is I can see other packets working fine and only after a short period of time do we get the drop out.

Very odd.

Sophos XG 450 (SFOS 18.5.1 MR-1)

Sophos R.E.D 50 x 2

Always configuring new stuff.....

Reply

0 M8ey over 4 years ago

Hmm  Seems the CR is dropping it as Invalid Traffic....



2019-06-12 13:05:50 0102021 IP 192.168.12.64.50391 > 10.112.230.6.23 : proto TCP: R 2619851577:26198
51577(0) checksum : 45513                                                                           
0x0000:  4500 0028 5530 4000 8006 e840 c0a8 0c40  E..(U0@....@...@                                  
0x0010:  0a70 e606 c4d7 0017 9c27 c339 189d 03bb  .p.......'.9....                                  
0x0020:  5014 0000 b1c9 0000 0000 0000 0000       P.............                                    
Date=2019-06-12 Time=13:05:50 log_id=0102021 log_type=Firewall log_component=Invalid_Traffic log_sub
type=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=PortA.10 out_dev= inzone_id=0 outz
one_id=0 source_mac=8c:dc:d4:51:75:de dest_mac=00:0d:48:48:75:ab l3_protocol=IP source_ip=192.168.12
.64 dest_ip=10.112.230.6 l4_protocol=TCP source_port=50391 dest_port=23 fw_rule_id=0 live_userid=0 u
serid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 icap_id=0 app_filter_id=0 app_category_id=0 a
pp_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark
=0 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=0 masterid
=0 status=0 state=0 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_s
rc_port=N/A tran_dst_ip=N/A tran_dst_port=N/A 

The strange part is I can see other packets working fine and only after a short period of time do we get the drop out.

Very odd.

Sophos XG 450 (SFOS 18.5.1 MR-1)

Sophos R.E.D 50 x 2

Always configuring new stuff.....

Children

No Data