
WAF issues

I'm having issues with published websites via WAF: they intermittently fail to load for external users.

Currently in the process of moving our published sites from UTM to XG but getting some issues. I have about 5 sites set up so far and all of them have the same issue: intermittent connections from external, with pages not loading. I have been able to replicate this myself. At first I was thinking maybe it's an issue with the sites etc., so I published a basic website externally and still get the issue. All the sites work fine internally and are on different servers, so we know it's not that.

The link is working fine and not dropping, and speed is not an issue as it's a 1GB link.

One thing I have noticed is that when it fails there are loads of "Could not associate packet to any connection" messages appearing in the logs. Reading up on this, it appears to be normal behavior, but it seems odd as it only occurs when the sites are accessed and fail to load.

messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="" out_interface="" src_mac="" src_ip="MY EXTERNAL IP HERE" src_country="" dst_ip="FIREWALL IP HERE" dst_country="" protocol="TCP" src_port="50838" dst_port="443" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Could not associate packet to any connection." appresolvedby="Signature" app_is_cloud="0"

Any ideas? Thanks
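The record quoted above is in the SFOS key="value" log format. As an added example (not code from the original post or from Sophos), here is a small Python parser that tallies the messageid 01001 "Could not associate packet to any connection" denials per source IP on a given destination port, so you can check whether their timing and sources line up with the failed page loads. The sample records are constructed, modelled on the one in the post, and use documentation addresses (203.0.113.x as the external client, 198.51.100.1 as the firewall); the "00001" messageid on the allowed record is a placeholder.

```python
import re
from collections import Counter

# Matches the key="value" pairs that make up an SFOS firewall log record.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_record(line):
    """Turn one SFOS log record into a dict of field name -> value."""
    return dict(KV_RE.findall(line))

def count_unassociated(lines, dst_port="443"):
    """Tally 'Could not associate packet to any connection' denials per
    source IP for the given destination port (443 = the published sites).
    Allowed records and records for other ports are ignored."""
    hits = Counter()
    for line in lines:
        rec = parse_record(line)
        if (rec.get("messageid") == "01001"
                and rec.get("status") == "Deny"
                and rec.get("dst_port") == dst_port
                and rec.get("message", "").startswith("Could not associate packet")):
            hits[rec.get("src_ip", "?")] += 1
    return hits

# Constructed sample records modelled on the one in the post, using
# documentation addresses (203.0.113.x external, 198.51.100.1 firewall).
SAMPLE_LOGS = [
    'messageid="01001" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" '
    'src_ip="203.0.113.10" dst_ip="198.51.100.1" protocol="TCP" src_port="50838" dst_port="443" '
    'hb_status="No Heartbeat" message="Could not associate packet to any connection."',
    'messageid="01001" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" '
    'src_ip="203.0.113.10" dst_ip="198.51.100.1" protocol="TCP" src_port="50841" dst_port="443" '
    'hb_status="No Heartbeat" message="Could not associate packet to any connection."',
    # Same message on a different port: not one of the published sites.
    'messageid="01001" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" '
    'src_ip="203.0.113.22" dst_ip="198.51.100.1" protocol="TCP" src_port="40000" dst_port="8443" '
    'message="Could not associate packet to any connection."',
    # A normal allowed connection to the WAF (placeholder messageid), which must not be counted.
    'messageid="00001" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" '
    'src_ip="203.0.113.22" dst_ip="198.51.100.1" protocol="TCP" src_port="40001" dst_port="443" '
    'message=""',
]

if __name__ == "__main__":
    for src, n in count_unassociated(SAMPLE_LOGS).most_common():
        print(f"{src}: {n} unassociated packet(s) dropped on port 443")
```

On a real export, feed the lines from the firewall log into count_unassociated and compare the per-source counts against the timestamps of the failed loads.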



  • Duncan,

    I am not sure if you have the WAF service on v17.x.

    Could you run the command "service -S" and see if you have the WAF service?

    If you have it, then run:

    service WAF:debug -ds nosync

    and

    tail -f /log/reverseproxy.log

    You should see more even if the service is in debug mode.

    Regards
