This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos sperrt Ports

Hallo zusammen,

am Samstag haben wir unsere Sophos auf PPPOE Einwahl umgestellt. Es lief auch alles problemlos.

Seit gestern haben wir nun jedoch folgendes Problem, nämlich sperrt die Sophos alle Ports auf dem WAN Interface die von extern kommen. Von Intern nach Extern funktioniert es problemlos.Sobald wir im WAN Interface die Appliance anklicken ist die Sophos auf Port 4444 auch von extern erreichbar.

Google hat uns bereits soweit geholfen, das wir hier anscheinend eine DNAT/Portforwarding Regel brauchen. Diese haben wir auch bereits erstellt jedoch ohne erfolg. Ich hoffe das uns jemand weiterhelfen kann.

This thread was automatically locked due to age.

Parents

0 lferrara over 4 years ago

Steff,

for the DNAT, use this kb:

https://community.sophos.com/kb/en-us/122976

For the Web Interface accessible from WAN (which is unsafe) you can disable it from Administration > Device Access > HTTPS management > WAN Zone.

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Steffi Scheu over 4 years ago in reply to lferrara

Many thanks for the quick answer.

We have created everything according to the mentioned KB, but without success. This is exactly our problem, because all ports are still closed.

The webinterface was only opened for testing, and is now closed again.
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 4 years ago in reply to Steffi Scheu

Go to the console and type:

drop-packet-capture "host 192.168.0.1 and port 443"

and try to connect via HTTPS and post the output.

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Steffi Scheu over 4 years ago in reply to lferrara

We have tested this but there is no output on the console.
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 4 years ago in reply to Steffi Scheu

tcpdump -ni Port2 port 443

Try this.

Change the Port with the WAN Port name.
Cancel
Vote Up 0 Vote Down

Cancel
0 Steffi Scheu over 4 years ago in reply to lferrara

I have tried the tcpdump command.
But i get the error "Unkown Parameter 'Port2'"

With Port1 or Port3 works the command.

I have read we have to set an Alias to the WAN Interface to get the Port Forwarding working? Is this correct?
In the Business Application Rules other people have the option "Forward type". In our XG this is not visible.. is here a failure?
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Steffi Scheu over 4 years ago in reply to lferrara

I have tried the tcpdump command.
But i get the error "Unkown Parameter 'Port2'"

With Port1 or Port3 works the command.

I have read we have to set an Alias to the WAN Interface to get the Port Forwarding working? Is this correct?
In the Business Application Rules other people have the option "Forward type". In our XG this is not visible.. is here a failure?
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 lferrara over 4 years ago in reply to Steffi Scheu

Please share the output.

You can port forward on alias and on the wan port als.

For WAF, you need to create a Business Application Rule (on version 17.x). On v18, create a Firewall rule and as action use "protect with.."

Regards
Cancel
Vote Up 0 Vote Down

Cancel
0 Steffi Scheu over 4 years ago in reply to lferrara

Hi Luk,

i have attached you a Screenshot with the error.

Now i have upgraded the XG to 18.0.0 but with no luck.
Cancel
Vote Up 0 Vote Down

Cancel
0 Steffi Scheu over 4 years ago in reply to lferrara

Okay, the command works:

11:24:17.780553 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766694 ecr 2766753560,nop,nop,sack 2 {931185:942289}{915917:929797}], length 0
11:24:17.781123 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 947841:949229, ack 3931, win 141, options [nop,nop,TS val 2766753639 ecr 435766651], length 1388
11:24:17.781611 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 949229:950617, ack 3931, win 141, options [nop,nop,TS val 2766753639 ecr 435766652], length 1388
11:24:17.781808 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 950617:952005, ack 3931, win 141, options [nop,nop,TS val 2766753639 ecr 435766652], length 1388
11:24:17.781869 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766697 ecr 2766753560,nop,nop,sack 2 {931185:943677}{915917:929797}], length 0
11:24:17.781954 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766699 ecr 2766753560,nop,nop,sack 2 {931185:945065}{915917:929797}], length 0
11:24:17.784965 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766712 ecr 2766753560,nop,nop,sack 2 {931185:946453}{915917:929797}], length 0
11:24:17.785023 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766713 ecr 2766753560,nop,nop,sack 2 {931185:947841}{915917:929797}], length 0
11:24:17.786123 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766714 ecr 2766753560,nop,nop,sack 2 {931185:949229}{915917:929797}], length 0
11:24:17.787475 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766715 ecr 2766753560,nop,nop,sack 2 {931185:950617}{915917:929797}], length 0
11:24:17.787720 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 952005:953393, ack 3931, win 141, options [nop,nop,TS val 2766753646 ecr 435766655], length 1388
11:24:17.788367 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766716 ecr 2766753560,nop,nop,sack 2 {931185:952005}{915917:929797}], length 0
11:24:17.790228 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 953393:954781, ack 3931, win 141, options [nop,nop,TS val 2766753646 ecr 435766661], length 1388
11:24:17.790294 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 954781:956169, ack 3931, win 141, options [nop,nop,TS val 2766753646 ecr 435766661], length 1388
11:24:17.792113 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766719 ecr 2766753560,nop,nop,sack 2 {931185:953393}{915917:929797}], length 0
11:24:17.794052 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766721 ecr 2766753560,nop,nop,sack 2 {931185:954781}{915917:929797}], length 0
11:24:17.794773 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766722 ecr 2766753560,nop,nop,sack 2 {931185:956169}{915917:929797}], length 0
11:24:17.794807 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 956169:957557, ack 3931, win 141, options [nop,nop,TS val 2766753649 ecr 435766662], length 1388
11:24:17.795014 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 957557:958945, ack 3931, win 141, options [nop,nop,TS val 2766753649 ecr 435766667], length 1388
11:24:17.795074 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 958945:960333, ack 3931, win 141, options [nop,nop,TS val 2766753649 ecr 435766667], length 1388
11:24:17.798409 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766725 ecr 2766753560,nop,nop,sack 2 {931185:957557}{915917:929797}], length 0
11:24:17.799332 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 914529:915917, ack 3931, win 141, options [nop,nop,TS val 2766753650 ecr 435766667], length 1388
11:24:17.804117 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 960333:961721, ack 3931, win 141, options [nop,nop,TS val 2766753653 ecr 435766671], length 1388
11:24:17.804350 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 961721:963109, ack 3931, win 141, options [nop,nop,TS val 2766753653 ecr 435766671], length 1388
11:24:17.804402 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 963109:964497, ack 3931, win 141, options [nop,nop,TS val 2766753653 ecr 435766671], length 1388
11:24:17.805685 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766726 ecr 2766753560,nop,nop,sack 2 {931185:958945}{915917:929797}], length 0
11:24:17.807107 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 914529, win 2048, options [nop,nop,TS val 435766727 ecr 2766753560,nop,nop,sack 2 {931185:960333}{915917:929797}], length 0
11:24:17.808147 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 929797, win 1809, options [nop,nop,TS val 435766733 ecr 2766753650,nop,nop,sack 1 {931185:960333}], length 0
11:24:17.808442 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 929797:931185, ack 3931, win 141, options [nop,nop,TS val 2766753658 ecr 435766684], length 1388
11:24:17.808763 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 929797, win 1871, options [nop,nop,TS val 435766733 ecr 2766753650,nop,nop,sack 1 {931185:960333}], length 0
11:24:17.808910 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 964497:965885, ack 3931, win 141, options [nop,nop,TS val 2766753662 ecr 435766693], length 1388
11:24:17.809467 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 929797, win 1934, options [nop,nop,TS val 435766733 ecr 2766753650,nop,nop,sack 1 {931185:960333}], length 0
11:24:17.809517 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 929797, win 1996, options [nop,nop,TS val 435766733 ecr 2766753650,nop,nop,sack 1 {931185:960333}], length 0
11:24:17.810515 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 929797, win 1996, options [nop,nop,TS val 435766733 ecr 2766753650,nop,nop,sack 1 {931185:961721}], length 0
11:24:17.812997 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 929797, win 2048, options [nop,nop,TS val 435766734 ecr 2766753650,nop,nop,sack 1 {931185:961721}], length 0
11:24:17.813036 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 965885:967273, ack 3931, win 141, options [nop,nop,TS val 2766753662 ecr 435766693], length 1388
11:24:17.813224 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 967273:968661, ack 3931, win 141, options [nop,nop,TS val 2766753662 ecr 435766693], length 1388
11:24:17.814682 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 929797, win 2048, options [nop,nop,TS val 435766739 ecr 2766753650,nop,nop,sack 1 {931185:963109}], length 0
11:24:17.817550 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 968661:970049, ack 3931, win 141, options [nop,nop,TS val 2766753666 ecr 435766699], length 1388
11:24:17.817777 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 970049:971437, ack 3931, win 141, options [nop,nop,TS val 2766753666 ecr 435766699], length 1388
11:24:17.822192 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 929797, win 2048, options [nop,nop,TS val 435766740 ecr 2766753650,nop,nop,sack 1 {931185:964497}], length 0
11:24:17.822155 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 971437:972825, ack 3931, win 141, options [nop,nop,TS val 2766753671 ecr 435766716], length 1388
11:24:17.822156 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 972825:974213, ack 3931, win 141, options [nop,nop,TS val 2766753671 ecr 435766716], length 1388
11:24:17.822829 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 1505, options [nop,nop,TS val 435766741 ecr 2766753658], length 0
11:24:17.824270 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 1568, options [nop,nop,TS val 435766741 ecr 2766753658], length 0
11:24:17.824326 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 1630, options [nop,nop,TS val 435766741 ecr 2766753658], length 0
11:24:17.825529 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 1693, options [nop,nop,TS val 435766741 ecr 2766753658], length 0
11:24:17.825576 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 1755, options [nop,nop,TS val 435766741 ecr 2766753658], length 0
11:24:17.825592 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 1818, options [nop,nop,TS val 435766741 ecr 2766753658], length 0
11:24:17.825625 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 1880, options [nop,nop,TS val 435766742 ecr 2766753658], length 0
11:24:17.825641 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 1943, options [nop,nop,TS val 435766742 ecr 2766753658], length 0
11:24:17.825678 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 964497, win 2005, options [nop,nop,TS val 435766742 ecr 2766753658], length 0
11:24:17.825694 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 965885, win 2048, options [nop,nop,TS val 435766743 ecr 2766753662], length 0
11:24:17.826658 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 974213:975601, ack 3931, win 141, options [nop,nop,TS val 2766753675 ecr 435766719], length 1388
11:24:17.826711 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 975601:976989, ack 3931, win 141, options [nop,nop,TS val 2766753675 ecr 435766719], length 1388
11:24:17.830983 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 968661, win 2026, options [nop,nop,TS val 435766751 ecr 2766753662], length 0
11:24:17.831200 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 976989:978377, ack 3931, win 141, options [nop,nop,TS val 2766753680 ecr 435766722], length 1388
11:24:17.831252 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 978377:979765, ack 3931, win 141, options [nop,nop,TS val 2766753680 ecr 435766722], length 1388
11:24:17.831252 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 979765:979810, ack 3931, win 141, options [nop,nop,TS val 2766753689 ecr 435766726], length 45
11:24:17.831683 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [.], seq 979810:981198, ack 3931, win 141, options [nop,nop,TS val 2766753689 ecr 435766726], length 1388
11:24:17.831683 Port2_ppp, IN: IP 157.240.20.63.443 > 80.153.59.161.49846: Flags [P.], seq 981198:981232, ack 3931, win 141, options [nop,nop,TS val 2766753689 ecr 435766726], length 34
11:24:17.836636 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 970049, win 2048, options [nop,nop,TS val 435766754 ecr 2766753666], length 0
11:24:17.838165 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 972825, win 2026, options [nop,nop,TS val 435766757 ecr 2766753666], length 0
11:24:17.838668 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 974213, win 2048, options [nop,nop,TS val 435766758 ecr 2766753671], length 0
11:24:17.841461 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 976989, win 2026, options [nop,nop,TS val 435766760 ecr 2766753675], length 0
11:24:17.842639 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 978377, win 2048, options [nop,nop,TS val 435766762 ecr 2766753680], length 0
11:24:17.850737 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 979810, win 2047, options [nop,nop,TS val 435766768 ecr 2766753680], length 0
11:24:17.851351 Port2_ppp, OUT: IP 80.153.59.161.49846 > 157.240.20.63.443: Flags [.], ack 981232, win 2047, options [nop,nop,TS val 435766769 ecr 2766753689], length 0
11:24:17.900287 Port2_ppp, OUT: IP 80.153.59.161.51737 > 51.105.249.223.443: Flags [P.], seq 4139884842:4139884915, ack 3139550549, win 258, length 73
11:24:17.932512 Port2_ppp, IN: IP 51.105.249.223.443 > 80.153.59.161.51737: Flags [P.], seq 1:175, ack 73, win 8119, length 174
11:24:17.972610 Port2_ppp, IN: IP 34.223.45.6.443 > 80.153.59.161.53550: Flags [P.], seq 6109:6450, ack 4696, win 149, options [nop,nop,TS val 39262155 ecr 25345876], length 341
11:24:17.972611 Port2_ppp, IN: IP 34.223.45.6.443 > 80.153.59.161.53550: Flags [P.], seq 6450:6615, ack 4696, win 149, options [nop,nop,TS val 39262155 ecr 25345876], length 165
11:24:17.973379 Port2_ppp, OUT: IP 80.153.59.161.53550 > 34.223.45.6.443: Flags [.], ack 6615, win 431, options [nop,nop,TS val 25345930 ecr 39262155], length 0
11:24:17.978126 Port2_ppp, OUT: IP 80.153.59.161.51737 > 51.105.249.223.443: Flags [.], ack 175, win 257, length 0
11:24:18.026313 Port2_ppp, IN: IP 185.60.217.13.443 > 80.153.59.161.45257: Flags [.], seq 0:48, ack 1, win 125, options [nop,nop,TS val 2070617103 ecr 11127441], length 48
^C
25397 packets captured
25484 packets received by filter
87 packets dropped by kernel
Cancel
Vote Up 0 Vote Down

Cancel
0 Steffi Scheu over 4 years ago in reply to lferrara

Your first command is now also working in V18:

console> drop-packet-capture "host 10.1.12.24 and port 443"
2020-03-17 11:26:22 0101021 IP 52.97.145.37.37507 > 10.1.12.24.443 : proto TCP: S 1225002375:1225002375(0) win 64240 checksum : 44286
0x0000: 4502 0034 9f3d 4000 7106 8ee5 3461 9125 E..4.=@.q...4a.%
0x0010: 0a01 0c18 9283 01bb 4904 0d87 0000 0000 ........I.......
0x0020: 80c2 faf0 acfe 0000 0204 05ac 0103 0308 ................
0x0030: 0101 0402                                ....
Date=2020-03-17 Time=11:26:22 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2_ppp out_dev=Port2_ppp inzone_id=2 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=52.97.145.37 dest_ip=10.1.12.24 l4_protocol=TCP source_port=37507 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=3 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=1 cluster_node=0 inmark=0x8001 nfqueue=0 gateway_offset=0 connid=2800798848 masterid=0 status=288 state=1, flag0=18014948267393024 flags1=17179869184 pbdid_dir0=1 pbrid_dir1=0

2020-03-17 11:26:25 0101021 IP 52.97.145.37.37507 > 10.1.12.24.443 : proto TCP: S 1225002375:1225002375(0) win 64240 checksum : 44286
0x0000: 4502 0034 9f3e 4000 7106 8ee4 3461 9125 E..4.>@.q...4a.%
0x0010: 0a01 0c18 9283 01bb 4904 0d87 0000 0000 ........I.......
0x0020: 80c2 faf0 acfe 0000 0204 05ac 0103 0308 ................
0x0030: 0101 0402                                ....
Date=2020-03-17 Time=11:26:25 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2_ppp out_dev=Port2_ppp inzone_id=2 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=52.97.145.37 dest_ip=10.1.12.24 l4_protocol=TCP source_port=37507 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=3 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=1 cluster_node=0 inmark=0x8001 nfqueue=0 gateway_offset=0 connid=2951197312 masterid=0 status=288 state=1, flag0=18014948267393024 flags1=17179869184 pbdid_dir0=1 pbrid_dir1=0

2020-03-17 11:26:28 0101021 IP 78.42.211.209.33624 > 10.1.12.24.443 : proto TCP: S 674555073:674555073(0) win 65535 checksum : 36746
0x0000: 4500 003c 373e 4000 3606 d569 4e2a d3d1 E..<7>@.6..iN*..
0x0010: 0a01 0c18 8358 01bb 2834 e4c1 0000 0000 .....X..(4......
0x0020: a002 ffff 8f8a 0000 0204 05ac 0402 080a ................
0x0030: 001e ee40 0000 0000 0103 0308            ...@........
Date=2020-03-17 Time=11:26:28 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2_ppp out_dev=Port2_ppp inzone_id=2 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=78.42.211.209 dest_ip=10.1.12.24 l4_protocol=TCP source_port=33624 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=3 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=1 cluster_node=0 inmark=0x8001 nfqueue=0 gateway_offset=0 connid=2878811264 masterid=0 status=288 state=1, flag0=18014948267393024 flags1=17179869184 pbdid_dir0=1 pbrid_dir1=0

2020-03-17 11:26:31 0101021 IP 52.97.145.37.37507 > 10.1.12.24.443 : proto TCP: S 1225002375:1225002375(0) win 64240 checksum : 44478
0x0000: 4500 0034 9f3f 4000 7106 8ee5 3461 9125 E..4.?@.q...4a.%
0x0010: 0a01 0c18 9283 01bb 4904 0d87 0000 0000 ........I.......
0x0020: 8002 faf0 adbe 0000 0204 05ac 0103 0308 ................
0x0030: 0101 0402                                ....
Date=2020-03-17 Time=11:26:31 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port2_ppp out_dev=Port2_ppp inzone_id=2 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=52.97.145.37 dest_ip=10.1.12.24 l4_protocol=TCP source_port=37507 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=3 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=1 cluster_node=0 inmark=0x8001 nfqueue=0 gateway_offset=0 connid=2799311040 masterid=0 status=288 state=1, flag0=18014948267393024 flags1=17179869184 pbdid_dir0=1 pbrid_dir1=0

2020-03-17 11:26:38 0101021 IP 192.168.120.39.57230 > 10.1.12.24.443 : proto TCP: S 2970860147:2970860147(0) win 65535 checksum : 59494
0x0000: 4500 0030 0000 4000 3f06 ecdf c0a8 7827 E..0..@.?.....x'
0x0010: 0a01 0c18 df8e 01bb b113 ba73 0000 0000 ...........s....
0x0020: 7002 ffff e866 0000 0204 05b4 0402 0000 p....f..........
Date=2020-03-17 Time=11:26:38 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev=Port3.20 inzone_id=1 outzone_id=9 source_mac=ac:e4:b5:b5:a9:40 dest_mac=00:1a:8c:45:a4:58 bridge_name= l3_protocol=IPv4 source_ip=192.168.120.39 dest_ip=10.1.12.24 l4_protocol=TCP source_port=57230 dest_port=443 fw_rule_id=0 policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=3 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=3 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=959407360 masterid=0 status=288 state=1, flag0=549757911040 flags1=17179869184 pbdid_dir0=0 pbrid_dir1=0
Cancel
Vote Up 0 Vote Down

Cancel
0 Steffi Scheu over 4 years ago in reply to lferrara
Cancel
Vote Up 0 Vote Down

Cancel