

Invalid traffic violation even with proper rules applied

Hello,

 

I have a problem with communication between two servers. My firewall is rejecting packets, as seen in the picture. For this reason, the two sides cannot exchange MS SQL data. Ping also works only from 172.21.17.50, but not in reverse. I checked Wireshark on the Windows Server (172.21.17.50) and ICMP replies are sent during ping, but they are not reaching the destination (Linux 192.168.12.46). See the second picture.

As you can see there is one allowed communication using rule 41. 

I really don't know what the cause of this is. Could anyone please help?

Note: I have migrated from UTM to XG. It worked on UTM with no problem.

 

Thanks

 

Lubomir Klas



  • This looks really strange to me.

    However I have experienced strange behaviour of the XG Firewall before:

    - Firewall did not work after some time and only a reboot helped (DHCP Server and DNS forwarding)
    - A rule was not working. Opening it, making some changes, saving, and then doing the same thing in reverse helped

    So I'd give you these general tips:

    - Do a reboot. Test again.
    - Install the latest or at least the second-latest firmware. Test again.

    And besides the firewall:

    - Are you sure that the clients are not causing this? Do a test with a simple router in between (e.g. a layer 3 switch)

    Is this the only rule between these networks? Otherwise check if it is really applied. Use either the policy checker or create an explicit deny rule and switch on logging on all policies. Check the firewall log for entries of the involved hosts.


    If there is some asynchronous routing in the network (I think not in your case), the XG can also behave strangely (I haven't seen this on other firewalls):

    https://community.sophos.com/kb/en-us/132565
    https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/115136/icmp-errors-on-xg310
