I have noticed this on an XGS136 18.5 MR3. The machine is in HA, and when viewing the firewall log it is full of invalid traffic logs.
When doing tcpdump I can see in the GUI that it resolves the out interface as Port10, which is my dedicated HA interface.
The interface is in a dedicated zone "HA", not WAN.
When doing tcpdump I can see the out interface listed as mv-pcimux0.
What is that mv-pcimux0? And why is XGS using that as the out interface?
Port2 is the single WAN Gateway the machine has.
```
XGS136_XN01_SFOS 18.5.3 MR-3-Build408# tcpdump -i any host 10.1.254.22 and host 52.17.61.242 or host 18.158.22.135 -nve
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
14:31:38.628537 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 63654, offset 0, flags [DF], proto TCP (6), length 52) 10.1.254.22.46018 > 18.158.22.135.443: Flags [S], cksum 0x3163 (incorrect -> 0xee49), seq 3596046757, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
14:31:38.628542 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 63654, offset 0, flags [DF], proto TCP (6), length 52) 10.1.254.22.46018 > 18.158.22.135.443: Flags [S], cksum 0x3163 (incorrect -> 0xee49), seq 3596046757, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
14:31:38.662125 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 242, id 0, offset 0, flags [DF], proto TCP (6), length 52) 18.158.22.135.443 > 10.1.254.22.46018: Flags [S.], cksum 0xb8e0 (correct), seq 3975696747, ack 3596046758, win 26883, options [mss 1460,nop,nop,sackOK,nop,wscale 8], length 0
14:31:38.662168 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63655, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x61d2), ack 1, win 229, length 0
14:31:38.662171 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63655, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x61d2), ack 1, win 229, length 0
14:31:38.662624 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 285: (tos 0x0, ttl 64, id 63656, offset 0, flags [DF], proto TCP (6), length 269) 10.1.254.22.46018 > 18.158.22.135.443: Flags [P.], cksum 0x323c (incorrect -> 0x8802), seq 1:230, ack 1, win 229, length 229
14:31:38.662628 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 285: (tos 0x0, ttl 64, id 63656, offset 0, flags [DF], proto TCP (6), length 269) 10.1.254.22.46018 > 18.158.22.135.443: Flags [P.], cksum 0x323c (incorrect -> 0x8802), seq 1:230, ack 1, win 229, length 229
14:31:38.681184 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 242, id 15660, offset 0, flags [DF], proto TCP (6), length 40) 18.158.22.135.443 > 10.1.254.22.46018: Flags [.], cksum 0x6164 (correct), ack 230, win 110, length 0
14:31:38.682162 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 1516: (tos 0x0, ttl 242, id 15661, offset 0, flags [DF], proto TCP (6), length 1500) 18.158.22.135.443 > 10.1.254.22.46018: Flags [.], cksum 0x61aa (correct), seq 1:1461, ack 230, win 110, length 1460
14:31:38.682182 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63657, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x5b23), ack 1461, win 251, length 0
14:31:38.682184 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63657, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x5b23), ack 1461, win 251, length 0
14:31:38.682187 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 1516: (tos 0x0, ttl 242, id 15662, offset 0, flags [DF], proto TCP (6), length 1500) 18.158.22.135.443 > 10.1.254.22.46018: Flags [.], cksum 0xf8bf (correct), seq 1461:2921, ack 230, win 110, length 1460
14:31:38.682199 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63658, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x5558), ack 2921, win 274, length 0
14:31:38.682201 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63658, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x5558), ack 2921, win 274, length 0
14:31:38.682208 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 1516: (tos 0x0, ttl 242, id 15663, offset 0, flags [DF], proto TCP (6), length 1500) 18.158.22.135.443 > 10.1.254.22.46018: Flags [.], cksum 0xeee4 (correct), seq 2921:4381, ack 230, win 110, length 1460
14:31:38.682219 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63659, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x4f8d), ack 4381, win 297, length 0
14:31:38.688763 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 222: (tos 0x0, ttl 64, id 63661, offset 0, flags [DF], proto TCP (6), length 206) 10.1.254.22.46018 > 18.158.22.135.443: Flags [P.], cksum 0x31fd (incorrect -> 0xfa01), seq 230:396, ack 5429, win 320, length 166
14:31:38.688767 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 222: (tos 0x0, ttl 64, id 63661, offset 0, flags [DF], proto TCP (6), length 206) 10.1.254.22.46018 > 18.158.22.135.443: Flags [P.], cksum 0x31fd (incorrect -> 0xfa01), seq 230:396, ack 5429, win 320, length 166
14:31:38.695820 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 402: (tos 0x0, ttl 242, id 15665, offset 0, flags [DF], proto TCP (6), length 386) 18.158.22.135.443 > 10.1.254.22.46018: Flags [P.], cksum 0xab3a (correct), seq 5429:5775, ack 396, win 114, length 346
14:31:38.715856 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 493: (tos 0x0, ttl 64, id 63662, offset 0, flags [DF], proto TCP (6), length 477) 10.1.254.22.46018 > 18.158.22.135.443: Flags [P.], cksum 0x330c (incorrect -> 0x18e8), seq 396:833, ack 5775, win 343, length 437
14:31:38.715863 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 493: (tos 0x0, ttl 64, id 63662, offset 0, flags [DF], proto TCP (6), length 477) 10.1.254.22.46018 > 18.158.22.135.443: Flags [P.], cksum 0x330c (incorrect -> 0x18e8), seq 396:833, ack 5775, win 343, length 437
14:31:38.765165 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 125: (tos 0x0, ttl 242, id 15667, offset 0, flags [DF], proto TCP (6), length 109) 18.158.22.135.443 > 10.1.254.22.46018: Flags [P.], cksum 0x6578 (correct), seq 6132:6201, ack 833, win 118, length 69
14:31:38.765182 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 63663, offset 0, flags [DF], proto TCP (6), length 52) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3163 (incorrect -> 0x6485), ack 5775, win 343, options [nop,nop,sack 1 {6132:6201}], length 0
14:31:38.765183 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 63663, offset 0, flags [DF], proto TCP (6), length 52) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3163 (incorrect -> 0x6485), ack 5775, win 343, options [nop,nop,sack 1 {6132:6201}], length 0
14:31:38.769137 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 125: (tos 0x0, ttl 242, id 15668, offset 0, flags [DF], proto TCP (6), length 109) 18.158.22.135.443 > 10.1.254.22.46018: Flags [FP.], cksum 0x600d (correct), seq 6201:6270, ack 833, win 118, length 69
14:31:38.769154 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 63664, offset 0, flags [DF], proto TCP (6), length 52) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3163 (incorrect -> 0x643f), ack 5775, win 343, options [nop,nop,sack 1 {6132:6271}], length 0
14:31:38.769156 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 63664, offset 0, flags [DF], proto TCP (6), length 52) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3163 (incorrect -> 0x643f), ack 5775, win 343, options [nop,nop,sack 1 {6132:6271}], length 0
14:31:38.799372 Port2, IN: In 3c:a6:2f:d3:5a:7d ethertype IPv4 (0x0800), length 413: (tos 0x0, ttl 242, id 15669, offset 0, flags [DF], proto TCP (6), length 397) 18.158.22.135.443 > 10.1.254.22.46018: Flags [P.], cksum 0x4560 (correct), seq 5775:6132, ack 833, win 118, length 357
14:31:38.799391 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63665, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x458c), ack 6271, win 365, length 0
14:31:38.799393 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63665, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [.], cksum 0x3157 (incorrect -> 0x458c), ack 6271, win 365, length 0
14:31:38.800877 Port2, OUT: Out c8:4f:86:33:33:33 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63666, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [R.], cksum 0x3157 (incorrect -> 0x4588), seq 833, ack 6271, win 365, length 0
14:31:38.800883 mv-pcimux0, OUT: Out c4:c5:c6:c7:c8:c9 ethertype IPv4 (0x0800), length 56: (tos 0x0, ttl 64, id 63666, offset 0, flags [DF], proto TCP (6), length 40) 10.1.254.22.46018 > 18.158.22.135.443: Flags [R.], cksum 0x3157 (incorrect -> 0x4588), seq 833, ack 6271, win 365, length 0
```
| Time | In interface | Out interface | Ethernet type | Source IP | Destination IP | Packet type | Ports [src,dst] | NAT ID | Rule ID | Status | Reason |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 25.05.2022 14:16 | Port10 | Port2 | IPv4 | 10.1.254.22 | 18.158.22.135 | TCP | 28772,443 | 0 | 0 | Forwarded | |
| 25.05.2022 14:16 | | | IPv4 | 10.1.254.22 | 18.158.22.135 | TCP | 28772,443 | 0 | 0 | Violation | INVALID_TRAFFIC |
| 25.05.2022 14:16 | Port10 | | IPv4 | 10.1.254.22 | 18.158.22.135 | TCP | 28772,443 | 0 | 0 | Incoming | |
| 25.05.2022 14:16 | Port10 | Port2 | IPv4 | 10.1.254.22 | 18.158.22.135 | TCP | 28772,443 | 0 | 0 | Forwarded | |
| 25.05.2022 14:16 | | | IPv4 | 10.1.254.22 | 18.158.22.135 | TCP | 28772,443 | 0 | 0 | Violation | INVALID_TRAFFIC |
| 25.05.2022 14:16 | Port10 | | IPv4 | 10.1.254.22 | 18.158.22.135 | TCP | 28772,443 | 0 | 0 | Incoming | |
| 25.05.2022 14:16 | | | IPv4 | 18.158.22.135 | 10.1.254.22 | TCP | 443,28772 | 0 | 0 | Violation | INVALID_TRAFFIC |
| 25.05.2022 14:16 | Port2 | | IPv4 | 18.158.22.135 | 10.1.254.22 | TCP | 443,28772 | 0 | 0 | Incoming | |