
Sophos firewall application classification errors

Hi folks,

Sometime in the last 6 weeks I started a thread on classification errors. I have been doing some further investigation and found thane was wrong and needed to be corrected. I have searched all my activities and not been able to find the initial post to correct the error.

Where has the post gone?

Classification errors

Streaming video is classified as infrastructure

NTP is classified as thunderVPN

An HTTP access to an Apple site is classified as manual proxy surfing on IPv6

Some IMAPS traffic is unclassified.

Ian



This thread was automatically locked due to age.
  • Thank you, I understand that, but that wasn't the answer to the question about PCAP in logviewer.

    I will try the tcpdump commands again and send you the files.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Emmanuel,

    I sent you two files in a PM.

    Ian


  • I will have to redo the NTP and let it run for a longer time; the file is basically empty.

    Ian

    Logviewer does not report any Infrastructure results yet the GUI does and expands to show the traffic. Makes investigation very difficult.


  • Hi,

    The following screenshots are from my XG, today's report from yesterday and from the GUI.

    If you study those reports you will notice there is not great consistency about infrastructure and streaming media analysis.

    Some of the issue might be caused by not installing a CA in the streaming media device (not possible), so the packet inspection is superficial and streaming media is an exception to scanning. Though the same issue is observed on devices with a CA installed.

    There is also a screenshot where the GUI does not provide any data.

    I hope the above helps with resolving the streaming media and infrastructure classification issues.

    Ian
