
No srcmac or dstmac on firewall live log

Hi, I have a UTM SG115 ver 9.501-3 with 2 WAN interfaces, one on ETH1 and one on ETH2. The one on ETH1 is an ADSL service connected via a bridged D-Link modem. I am unable to access the internal network via the service on ETH1, and on the Firewall live log I only get len, ttl and tos, no srcmac or dstmac, e.g.
09:43:27 NAT rule #4 UDP 1.128.110.227:27929→ 139.xxx.xxx.xx :2002
len=60 ttl=54 tos=0x00
09:43:36 Country blocked TCP 5.188.62.91 :44103→139.xxx.xxx.xx:34706
[SYN] len=40 ttl=232 tos=0x00
Could the bridged modem be causing this, and is it an indication as to why I can't access the internal network via this IP?



  • The live log is a subset of the entire data available in the full log.   Use view log or log search instead of live log.

  • Thanks Douglas

    I checked the other log and everything looks the same between the two interfaces except that the srcmac and dstmac are missing from the WAN on ETH1.

    Not sure if this is my issue but would like to know if it's being blocked somewhere.

  • Hi Brett and welcome to the UTM Community!

    Doug was pointing you at the full log file in 'Logging & Reporting >> View Log Files'.  Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.

    The srcmac for inbound packets on a WAN interface will always be that of the ISP's last-hop router in front of you.  The dstmac will always be that of eth1.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
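
An added example, not part of the original thread: a short script that repeats the comparison made above on an exported full firewall log, counting per inbound interface how many packet filter lines carry no srcmac/dstmac. It assumes the full log stores fields as key="value" pairs named sub, initf, srcmac and dstmac; the sample lines, addresses and MACs are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines. The key="value" layout and the field names
# (sub, initf, srcmac, dstmac) are assumptions about the full firewall log.
SAMPLE_LOG = """\
2017:10:20-09:43:27 utm ulogd[4321]: id="2002" sub="packetfilter" action="accept" initf="eth2" srcmac="02:00:00:aa:bb:01" dstmac="02:00:00:aa:bb:02" srcip="198.51.100.7" dstip="203.0.113.10" proto="17" length="60" tos="0x00" ttl="54"
2017:10:20-09:43:30 utm ulogd[4321]: id="2001" sub="packetfilter" action="drop" initf="eth2" srcmac="02:00:00:aa:bb:01" dstmac="02:00:00:aa:bb:02" srcip="198.51.100.9" dstip="203.0.113.10" proto="6" length="40" tos="0x00" ttl="232"
2017:10:20-09:43:36 utm ulogd[4321]: id="2001" sub="packetfilter" action="drop" initf="eth1" srcip="198.51.100.23" dstip="203.0.113.20" proto="6" length="40" tos="0x00" ttl="232"
2017:10:20-09:43:41 utm ulogd[4321]: id="2002" sub="packetfilter" action="accept" initf="eth1" srcip="198.51.100.7" dstip="203.0.113.20" proto="17" length="60" tos="0x00" ttl="54"
2017:10:20-09:43:45 utm httpproxy[999]: id="0001" sub="http" action="pass" srcip="192.0.2.5"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def mac_coverage(log_text):
    """Per inbound interface: total packet filter lines and lines lacking a MAC field."""
    stats = defaultdict(lambda: {"total": 0, "missing_mac": 0})
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("sub") != "packetfilter":
            continue  # ignore lines from other subsystems
        iface = fields.get("initf", "(none)")
        stats[iface]["total"] += 1
        # Count the line if either MAC field is absent or empty.
        if not fields.get("srcmac") or not fields.get("dstmac"):
            stats[iface]["missing_mac"] += 1
    return dict(stats)


def interfaces_without_macs(log_text):
    """Interfaces on which every packet filter line lacks srcmac or dstmac."""
    return sorted(iface for iface, s in mac_coverage(log_text).items()
                  if s["total"] and s["missing_mac"] == s["total"])


if __name__ == "__main__":
    for iface, s in sorted(mac_coverage(SAMPLE_LOG).items()):
        print(f"{iface}: {s['missing_mac']}/{s['total']} lines without srcmac/dstmac")
```
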