I am so confused. I have been using the Sophos UTM 9 (at home) for years and have been very satisfied with it. However, very recently something has changed and I have no idea what because the reality is that I make very few changes to the firewall. By that I literally mean like adding Static Mappings to DHCP and updating the firmware.
Anyway, as of about a week ago I can no longer receive work e-mails at home. My Microsoft Outlook client, my cell phone mail client, and OWA will NOT connect. Everything times out. No matter what I do.
Keep in mind that my devices have always been in a "Bypass Firewall" group due to that whole debacle and workaround to get Netflix and other services working, from years ago. The only way for me to receive e-mail while at home is by (1) connecting my laptop to my work VPN and (2) disconnecting my cell phone from my wireless network.
Please advise. Thanks.
Do you see anything related to those accesses in the Firewall or Web Filtering logs?
Cheers - Bob
In reply to BAlfson:
No. That is part of the confusion. The fact that I am already bypassing the firewall for my devices, there is nothing (at least as logs are concerned) being blocked. It simply does not work.
In reply to Juscelino:
Please make sure to have the logging option enabled and to set it on the first position of your Firewall Rules to see allowed traffic processed by your Bypass rule (per default you'll only see dropped traffic).
If you temporarily create a "Lan to Internet Allow Any, Log enabled" at the top of your rules you should be able to see the traffic caused by your devices.
If we know if and what traffic happens, we should be able to see why it doesn't work.
In reply to lna:
Thank you for the suggestion. I created the rule. Does the following image of my firewall log help?
Hi Juscelino, if you are not a Google employee, then this is not your work public IP. The subnet 18.104.22.168/16 is owned by Google; are you using Gmail-Pro at work?
If not, we don't see any mail-related traffic in this log.
Is there anything in the IPS log?
I know for a fact that our e-mails flow via Google, including SMTP relay and incoming messages. However, I also know for a fact that we connect all clients directly to an in-house Exchange Server. So my "rejections" are for certain to our in-house Exchange Server, located behind a Cisco ASA firewall. I can look around in the Cisco ASA firewall, but I am not an expert and do not know what to look for.
Here is the only thing that I see in my IPS log:
Interesting. Try doubling the packets/second rates for UDP flooding on the 'Anti-DoS/Flooding' tab. Does that fix your problem?
I completely disabled UDP Flood Protection and got the same results.
That's not possible. If UDP Anti-flooding is disabled, you won't have any blocks due to UDP flooding in the Intrusion Prevention log.
Bob - I get what you are saying regarding disabling UDP Flood Protection. I did try doubling those rates and nothing changed. Any other ideas? I am so lost. This is so inconvenient.