We'd love to hear about it! Click here to go to the product suggestion community
Noticed my Application Policy is blocking something being classified as "Tiger VPN", which I don't have. Looking up the IP address, it appears to be related to AT&T Wifi calling. Here is the firewall log:
2018-07-17 09:56:36Application Filtermessageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="9" user="" user_group="" appfilter_policy_id="10" category="Proxy and Tunnel" app_name="Tiger VPN" app_risk="5" app_technology="Client Server" app_category="Proxy and Tunnel" src_ip="220.127.116.11" src_country="USA" dst_ip="172.16.16.31" dst_country="R1" protocol="UDP" src_port="4500" dst_port="4500" bytes_sent="0" bytes_received="0" status="Deny" message="" appresolvedby="Signature"
Posting this for anyone else that might run into this issue. Hopefully Sophos can use this information to update how wifi calling is being classified.
I will forward the request to verify the classification for this application signature.
Thanks for the information.
I will require a Packet Capture file for investigation. Could you please configure a plain firewall rule with all the filtering modules set to NONE for a particular source IP address; take 18.104.22.168 as in the logs? Then initiate a packet capture, while using the AT&T calling feature. PM me this pcap file, it will help us investigate the packet flow and provide you an update about the classification.
In reply to sachingurung:
I'm not sure how to export a pcap file. I've configured the firewall rule and I enabled Packet Capturing for the specified source address, which appears to be logging the traffic but there's no option to export the data from the web GUI.
This is still happening, just FYI. I have two brand new XG 210s and users started reporting that AT&T wifi calling was failing. Sure enough, it is classifying it as TigerVPN. I took TigerVPN out of the application control rules, and wifi calling resumed functioning.
In reply to hillbillyIT:
I think I have a similar classification issue with both of my MBPs being reported as using a VPN360. I have no idea which application is generating the traffic. The VPN360 is supposed to be installed, but I can't find it anywhere when searching.
I suppose I could create general access rule for my MBP to see what happens in the logs.
In reply to rfcat_vk:
Still happening - I have flagged this up and sent a PCAP to Sophos.
Just adding that O2 WiFi Calling is also being reported as Tiger VPN.