
Internet traffic sometimes denied

Hello all,

I have a little issue with some internet traffic getting denied by my Sophos firewall, but I couldn't understand why.

Example 1:

Some traffic from an internal computer to the Internet doesn't match anything, even though my Internet access rule is: source LAN zone, any host, any service; destination any zone, any destination, any service (details of the Internet rule below):

Example 2:

Exactly the same kind, but some traffic is going through and some is denied. I didn't make any changes between these logs:

Example 3:

In this last example, I see that most of the TCP packets are allowed, but not the UDP ones.

But my Internet access rule doesn't filter on TCP only:

Internet FW rule details:

Do you guys have any ideas?

Thanks



  • What do your NAT rules look like? You have some SNAT and DNAT rules showing in the firewall log...

    I had some similar blocks too before. Is the TLS/SSL certificate correctly deployed?

    If you are blocking QUIC, the firewall will block UDP on port 443, but I'm sure you are already aware of that.

  • Hi,

    that firewall rule will use the web proxy, so a NAT rule does not come into effect.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • My NAT rules are as follow:

    I disabled rule 7, as all my internal traffic on other subnets was translated to the gateway address, and that is not what I was looking for.

    Rule 8 is the main NAT rule to access the internet. Maybe rule 7 was doing silly stuff for the Internet access.

    Regarding the certificate, I didn't do anything special; I use the embedded certificate that comes with the installation of the firewall. No additional one created by me.

    Thanks for the QUIC stuff, I wasn't aware of it but now, I learned something :)

  • Where do you see that the Internet firewall rule uses the web proxy? Because of the QUIC block option? Or is everything in the Web Filtering section considered web proxy?

  • Webfilter == web proxy

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • If the NAT rules fire in order, once a NAT rule is triggered, all the other rules below it will be ignored, just like firewall rules.

  • The other NAT rules above my default rule are just "exposing" external services. And disabled rules should not take effect, so I guess that is for external traffic?

  • I tried disabling all functions under the Web Filtering section, but I still have this kind of denied traffic:

    I don't get why it doesn't match my Internet FW rule. The strange thing is that it doesn't even match a Drop rule that I created at the bottom with logging, to try to see all blocked traffic going through my gateway.

    What is this NAT rule 0? In the NAT section the first rule starts at 1.

  • Hi,

    you are chasing dead connections, e.g. the connection has been closed by one end and the other is sending cleanup traffic which the firewall cannot associate with any currently active connection.

    You can disable that traffic from being logged.

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.
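A toy model of the stateful behaviour Ian describes, added here as an illustration and not code from the thread or from Sophos: only a SYN is matched against the rulebase, every later segment must belong to a tracked connection, and cleanup traffic that arrives after the state has been torn down is denied without any rule being consulted, which is consistent with log entries that match neither the Internet rule nor the catch-all Drop rule. The addresses and the packet sequence are constructed.

```python
from collections import namedtuple

# One TCP segment as the firewall sees it; flags: S (SYN), A (ACK), F (FIN), R (RST).
Segment = namedtuple("Segment", "src sport dst dport flags")

class StatefulTracker:
    """Minimal stateful tracker: only a SYN consults the rulebase; every other
    segment must belong to a tracked connection or it is treated as invalid."""

    def __init__(self):
        self.active = set()

    @staticmethod
    def conn_key(seg):
        # Direction-independent key so both halves of a flow share one entry.
        return tuple(sorted([(seg.src, seg.sport), (seg.dst, seg.dport)]))

    def process(self, seg):
        key = self.conn_key(seg)
        if "S" in seg.flags and "A" not in seg.flags:
            # Only a new connection is matched against the firewall rules
            # (here the LAN -> WAN "Internet" rule) and logged with a rule id.
            self.active.add(key)
            return "NEW: matched Internet rule"
        if key in self.active:
            if "F" in seg.flags or "R" in seg.flags:
                # Simplification: the first FIN/RST tears the state down at once;
                # a real tracker waits for the peer's FIN and a TIME_WAIT timer.
                self.active.discard(key)
                return "ESTABLISHED: closing, state removed"
            return "ESTABLISHED"
        # No state and not a SYN: the firewall cannot associate the segment with
        # a connection, so no rule is consulted and it shows up as a bare deny.
        return "INVALID: no active connection, no rule consulted"

def classify_trace(segments):
    tracker = StatefulTracker()
    return [tracker.process(seg) for seg in segments]

# Constructed trace: the server closes first; the client's ACK and FIN arrive
# after the state is gone. Private/documentation addresses, not real hosts.
CLIENT, SERVER = ("192.168.1.10", 50000), ("203.0.113.10", 443)
DEMO_TRACE = [
    Segment(*CLIENT, *SERVER, "S"),
    Segment(*SERVER, *CLIENT, "SA"),
    Segment(*CLIENT, *SERVER, "A"),
    Segment(*SERVER, *CLIENT, "FA"),  # server closes; state removed
    Segment(*CLIENT, *SERVER, "A"),   # client's cleanup traffic: denied, no rule
    Segment(*CLIENT, *SERVER, "FA"),
]
```

`classify_trace(DEMO_TRACE)` returns one verdict per segment; the last two come back as INVALID, which is the "dead connection" noise Ian suggests excluding from the log.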