XG randomly classifies traffic as X-VPN - why?

Hi folks,

I know when this is issue started, but do not understand why?

There is another thread asking for assistance to block X-VPN which I added to my block list because it was bypassing the block VPN and tunnel filters.

The device affected is my solar Power inverter which regularly (many times a day) with a central reporting server. Randomly one to two transactions a day are marked as X-VPN.

The inverter has even on the network since it was installed in 2019, the traffic marked as X-VPN is allowed through the firewall with over 300 packets received and some sent.

The firewall rule used by the inverter does not have any application or web policies applied - allow all, no decrypt and scan. The rule has LAN to WAN IPS.

So what is wrong with the classification process?

Ian

Edited TAGs
[edited by: emmosophos at 7:20 PM (GMT -7) on 20 Mar 2023]

0 emmosophos 2 months ago

Hello rfcat,

Thank you for contacting the Sophos Community.

Was this classified previously? if so, how was it classified?

For this we would need a packet capture, to send to LABs for them to confirm why this traffic is being classified as such.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rfcat_vk 2 months ago in reply to emmosophos

Hi Emmanuel,

the issue is random and it is not every connection. Trying to packet capture would be very frustrating because it might happen twice a day.

At the moment trying to investigate issues is difficult, my ISP/RSP had the network off for an hour while migrating to new DHCP infrastructure and the XG is not behaving in a friendly manner even after a restart. Working with the ISP/RSP to investigate what has failed in the their network.

Ian

currently unclassified according to yesterday's daily repot.

XG115W - v19.5.2 mr-2 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rfcat_vk 2 months ago in reply to rfcat_vk

At this stage I can't perform any testing, my internet link is partially broken and I along number of others are waiting for the repair.

Ian

XG115W - v19.5.2 mr-2 - Home

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 emmosophos 2 months ago in reply to rfcat_vk

Hello Ian,

Thank you for the update.

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel