Intermittent LAN to WAN drops

I am new to Sophos, coming from an older Juniper firewall, but do have some knowledge of Cisco ASAs and Check Point firewalls. I am having an intermittent issue with our Wi-Fi traffic being dropped even with a rule in place to allow Wi-Fi to WAN, all services. And when the traffic is dropping, I can use the policy tester, and it says it is allowed. Any thoughts on what to check? Below are my dropped packets log and my policy tester screenshot:

2020-09-18 10:09:20 010202130 IP XXX.XXX.XXX.XXX.51688 > 137.221.64.8.80 : proto TCP: P 719607583:719607738(155) win 1026 checksum : 62613
0x0000: 4500 00c3 af5d 4000 7f06 7649 0a05 01a4 E....]@...vI....
0x0010: 89dd 4008 c9e8 0050 2ae4 571f 8231 db95 ..@....P*.W..1..
0x0020: 5018 0402 f495 0000 4745 5420 2f74 7072 P.......GET./tpr
0x0030: 2f77 6f77 2f70 6174 6368 2f63 392f 3363 /wow/patch/c9/3c
0x0040: 2f63 3933 6336 3065 3962 3637 3136 3339 /c93c60e9b671639
0x0050: 3262 6437 6137 6131 3836 3861 6639 3935 2bd7a7a1868af995
0x0060: 3420 4854 5450 2f31 2e31 0d0a 486f 7374 4.HTTP/1.1..Host
0x0070: 3a20 7573 2e63 646e 2e62 6c69 7a7a 6172 :.us.cdn.blizzar
0x0080: 642e 636f 6d0d 0a52 616e 6765 3a20 6279 d.com..Range:.by
0x0090: 7465 733d 3130 3031 3533 3438 332d 3130 tes=100153483-10
0x00a0: 3034 3139 3732 320d 0a43 6f6e 6e65 6374 0419722..Connect
0x00b0: 696f 6e3a 206b 6565 702d 616c 6976 650d ion:.keep-alive.
0x00c0: 0a0d 0a ...
Date=2020-09-18 Time=10:09:20 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=XXX.XXX.XXX.XXX dest_ip=137.221.64.8 l4_protocol=TCP source_port=51688 dest_port=80 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbdid_dir0=0 pbrid_dir1=0
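
A triage sketch for the record above, added here as an example and not part of the original post or any Sophos tooling: it parses the key=value log format and separates denials that carry a numeric fw_rule_id from ones logged as log_component=Invalid_Traffic with fw_rule_id=N/A, as in the post. The function names, the classification labels and the second sample record are assumptions made for illustration; the first sample is trimmed from the post's log line.

```python
import re
from collections import Counter

# key=value pairs; a value may be empty and ends at the next space or comma
PAIR = re.compile(r"(\w+)=([^\s,]*)")

SAMPLE = [
    # trimmed copy of the record in the post (source address masked there too)
    "Date=2020-09-18 Time=10:09:20 log_id=010202130 log_type=Firewall "
    "log_component=Invalid_Traffic log_subtype=Denied in_dev= out_dev= "
    "source_ip=XXX.XXX.XXX.XXX dest_ip=137.221.64.8 l4_protocol=TCP "
    "source_port=51688 dest_port=80 fw_rule_id=N/A connid=0 state=0, flag0=0",
    # constructed record for contrast: a denial attributed to a rule id
    "Date=2020-09-18 Time=10:11:02 log_type=Firewall log_component=Firewall_Rule "
    "log_subtype=Denied source_ip=10.0.0.5 dest_ip=192.0.2.10 l4_protocol=TCP "
    "source_port=40000 dest_port=443 fw_rule_id=5",
]

def parse_fw_log(line):
    """Split one key=value firewall log record into a dict."""
    return dict(PAIR.findall(line))

def triage(rec):
    """Classify a denied record by whether a rule id is attributed to it."""
    if rec.get("log_subtype") != "Denied":
        return "not_denied"
    rule = rec.get("fw_rule_id", "N/A")
    if rule.isdigit():
        return "denied_by_rule_" + rule
    if rec.get("log_component") == "Invalid_Traffic":
        # no rule id on the record: a rule lookup alone will not explain it
        return "invalid_traffic_no_rule"
    return "denied_other"

def summarize(lines):
    """Count denials per (classification, source, destination:port)."""
    counts = Counter()
    for line in lines:
        rec = parse_fw_log(line)
        if rec:
            dst = f"{rec.get('dest_ip', '?')}:{rec.get('dest_port', '?')}"
            counts[(triage(rec), rec.get("source_ip", "?"), dst)] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```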


