I have a Sophos XG Firewall on a VM in my homelab (latest release available), configured in transparent mode, so its IP is on a bridge pair.
I'm trying to add Active Directory Authentication, but my firewall can't connect to my primary DC. I've checked the traffic with drop-packet-capture, and the firewall drops its own traffic because of "IP_SPOOF".
Apparently, my Sophos XG sends its packets without providing its MAC address and drops them.
I've tried to add a FW rule to accept traffic from my firewall network range to my DC and to add an exclusion with the MAC of the bridge pair, but that obviously didn't work.
Can you help me with that issue?
Can you disable the spoof protection?
And try again?
Hi Thomas Delcampe,
Can you share the logs and traffic detail for this IP spoofing?
In reply to H_Patel:
Spoofing is already deactivated...
Here is a log:
2020-02-20 20:11:36 0119021 IP 10.10.1.253.51044 > 10.10.100.1.389 : proto TCP: R 3947871165:3947871165(0) checksum : 50647 0x0000: 4500 0028 f55f 4000 3f06 cc5e 0a0a 01fd E..(._@.?..^.... 0x0010: 0a0a 6401 c764 0185 eb4f bbbd 0000 0000 ..d..d...O...... 0x0020: 5004 0000 c5d7 0000 P....... Date=2020-02-20 Time=20:11:36 log_id=0119021 log_type=Firewall log_component=IP_Spoof log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=0 source_mac= dest_mac= l3_protocol=IP source_ip=10.10.1.253 dest_ip=10.10.100.1 l4_protocol=TCP source_port=51044 dest_port=389 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 proxy_flags=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=0 inmark=0x8001 nfqueue=0 scanflags=0 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=0 connid=975732160 masterid=0 status=398 state=8 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A
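As an added example (not part of the thread or of Sophos' tooling), the key=value record above can be parsed and checked for the symptom the poster describes: an IP_Spoof deny with an empty source_mac whose source is the firewall's own address. The sample record is constructed from the fields quoted in the post, and the set of "own" addresses is an assumption supplied by the caller.

```python
import re

# Constructed sample, copied from the key=value part of the record quoted above.
SAMPLE_LOG = (
    "Date=2020-02-20 Time=20:11:36 log_id=0119021 log_type=Firewall "
    "log_component=IP_Spoof log_subtype=Denied log_status=N/A log_priority=Alert "
    "duration=N/A in_dev=Port2 out_dev= inzone_id=2 outzone_id=0 source_mac= dest_mac= "
    "l3_protocol=IP source_ip=10.10.1.253 dest_ip=10.10.100.1 l4_protocol=TCP "
    "source_port=51044 dest_port=389 fw_rule_id=0"
)

# key=value pairs separated by spaces; a value may be quoted or empty (e.g. "source_mac=").
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')


def parse_xg_record(line: str) -> dict:
    """Parse one Sophos XG firewall log record into a dict; empty values become ''."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def self_traffic_spoof_drops(records, own_ips):
    """Return IP_Spoof denies that originate from one of the firewall's own IPs
    and carry no source MAC, i.e. the firewall dropping its own traffic."""
    hits = []
    for rec in records:
        if rec.get("log_component") != "IP_Spoof" or rec.get("log_subtype") != "Denied":
            continue
        if rec.get("source_ip") in own_ips and not rec.get("source_mac"):
            hits.append(rec)
    return hits


def describe(rec: dict) -> str:
    """One-line summary of a flagged record for a ticket or dashboard."""
    return (f"{rec['source_ip']}:{rec['source_port']} -> {rec['dest_ip']}:{rec['dest_port']}"
            f"/{rec['l4_protocol']} in on {rec['in_dev']} (rule {rec['fw_rule_id']})")


if __name__ == "__main__":
    # Assumed: 10.10.1.253 is the bridge-pair address of the firewall itself.
    for hit in self_traffic_spoof_drops([parse_xg_record(SAMPLE_LOG)], {"10.10.1.253"}):
        print("own traffic dropped as IP_Spoof:", describe(hit))
```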