
Doorbird doesn't work behind Sophos XG Firewall

We have a Doorbird-doorbell behind our Sophos XG Firewall with Firmware....

I also read these articles:

https://community.sophos.com/sophos-xg-firewall/f/discussions/125260/doorbird-connected-to-sophos-xg

The article says using SSL/TLS-Decryption is the solution, but I tried it and it doesn't work either: https://community.sophos.com/sophos-xg-firewall/f/discussions/124615/how-to-unblock-ring-doorbell-app-when-sophos-xg-is-using-ssl-tls-decryption

So here is another article with the same problem and also no solution:

https://community.sophos.com/sophos-xg-firewall/f/discussions/128958/doorbird-connected-to-sophos-xg-with-no-external-access/473281?focus=true#473279

I posted the details in the article above, but I am afraid nobody will see it in the discussion. So I am opening this new question.

Here is my summary:

The Doorbird doesn't get a connection with the XG-Firewall.

I have the same rule as described here https://community.sophos.com/sophos-xg-firewall/f/discussions/128958/doorbird-connected-to-sophos-xg-with-no-external-access/473281?focus=true#473279:

Additionally, I added an SSL/TLS inspection rule as described here https://community.sophos.com/sophos-xg-firewall/f/discussions/124615/how-to-unblock-ring-doorbell-app-when-sophos-xg-is-using-ssl-tls-decryption:

But I see a lot of errors in the log:

And I also see this in capturing mode - the Local-ACL violation is strange. I tried this question for help, but I don't understand the solution:

https://community.sophos.com/sophos-xg-firewall/f/discussions/102533/local_acl

This is the detail-view:

Packet information
Ethernet header
Source MAC address:1c:ca:e3:7b:0c:8e
Destination MAC address: ff:ff:ff:ff:ff:ff
Ethernet type IPv4 (0x800)
 
IPv4 Header
Source IP address:192.168.0.60
Destination IP address:255.255.255.255
Protocol: UDP
Header:20 Bytes
Type of service: 0
Total length: 49 Bytes
Identification:0
Fragment offset:16384
Time to live: 64
Checksum: 31192
 
UDP Header:
Source port:3074
Destination port: 35344
Length: 29
Checksum: 47622

So I don't know what to do. I changed the doorbird hardware but with the new part it's still the same problem. So I think it's an FW-Error.

Please - is there anyone with a solution?

I couldn't find it in the other questions. A lot of people describe the same problem but nobody has an answer.

David



This thread was automatically locked due to age.
  • Hi,

    what the logs you have posted are showing is that the Doorbird does not match any firewall rule. Change your Doorbird service to any and then review the logs to see which ports it is using. Your logs show that the ports configured in the service are not used in the rule.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA


  • Update: The Local-ACL-Violation is back:

    Ethernet header
    Source MAC address:1c:ca:e3:7b:0c:8e
    Destination MAC address: ff:ff:ff:ff:ff:ff
    Ethernet type IPv4 (0x800)
     
    IPv4 Header
    Source IP address:192.168.0.60
    Destination IP address:255.255.255.255
    Protocol: UDP
    Header:20 Bytes
    Type of service: 0
    Total length: 49 Bytes
    Identification:0
    Fragment offset:16384
    Time to live: 64
    Checksum: 31192
     
    UDP Header:
    Source port:3074
    Destination port: 35344
    Length: 29
    Checksum: 49165
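
How to read the packet detail view quoted in this thread, as an added example that is not part of any post here and is not Sophos code. The function names are hypothetical, the sample text is the thread's capture re-typed as a constant, and it assumes the "Fragment offset" value is the raw 16-bit flags-plus-offset word, since 16384 does not fit in a 13-bit offset.

```python
import ipaddress

# Constructed sample: the detail view from the thread, re-typed as text.
CAPTURE = """\
Source MAC address:1c:ca:e3:7b:0c:8e
Destination MAC address: ff:ff:ff:ff:ff:ff
Source IP address:192.168.0.60
Destination IP address:255.255.255.255
Protocol: UDP
Header:20 Bytes
Total length: 49 Bytes
Fragment offset:16384
Source port:3074
Destination port: 35344
Length: 29
"""

def parse_detail(text):
    """Turn 'Label: value' lines into a dict, splitting on the first colon only."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and value.strip():          # skips section titles such as 'UDP Header:'
            fields[label.strip().lower()] = value.strip()
    return fields

def analyse(fields):
    """Decode the fields that matter when matching this packet against rules."""
    def num(key):
        return int(fields[key].split()[0])  # '49 Bytes' -> 49
    raw = num("fragment offset")            # assumed: raw flags+offset word
    dst = ipaddress.ip_address(fields["destination ip address"])
    return {
        "dont_fragment": bool(raw & 0x4000),
        "more_fragments": bool(raw & 0x2000),
        "fragment_offset_bytes": (raw & 0x1FFF) * 8,
        "lengths_consistent": num("header") + num("length") == num("total length"),
        "udp_payload_bytes": num("length") - 8,   # UDP header is 8 bytes
        "l2_broadcast": fields["destination mac address"].lower() == "ff:ff:ff:ff:ff:ff",
        "limited_broadcast": str(dst) == "255.255.255.255",
        "flow": (fields["source ip address"], num("source port"),
                 str(dst), num("destination port"), fields["protocol"]),
    }

if __name__ == "__main__":
    for key, value in analyse(parse_detail(CAPTURE)).items():
        print(f"{key}: {value}")
```

The decoded packet is an unfragmented 21-byte UDP payload sent to the limited broadcast address, which routers never forward, so it reaches the firewall's own interface rather than crossing it as LAN-to-WAN traffic.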