
Internet traffic sometimes denied

Hello all,

I have a little issue with some internet traffic getting denied by my Sophos firewall, but I couldn't understand why.

Example 1:

Some traffic from an internal computer to the Internet doesn't match anything, even though my Internet access rule is like: LAN zone, any host, any service; destination any zone, any destination, any service (details of the Internet rule below):

Example 2:

Exactly the same kind, but some traffic is going through and some is denied. I didn't make any changes between all the logs:

Example 3:

In this last example, I see that most TCP packets are allowed but not UDP.

But my Internet access rule doesn't filter on TCP only:

Internet FW rule details:

Do you guys have any ideas?

Thanks



  • What do your NAT rules look like? You have some SNAT and DNAT rules showing in the firewall log...

    I had some similar blocks too before. Is the TLS/SSL certificate correctly deployed?

    If you are blocking QUIC, the firewall will block UDP on port 443, but I'm sure you are already aware of that.

  • My NAT rules are as follows:

    I disabled rule 7 as all my internal traffic on other subnets was translated to the gateway address, and that is not what I was looking for.

    Rule 8 is the main NAT rule to access the Internet. Maybe rule 7 was doing silly stuff for the Internet access.

    Regarding the certificate, I didn't do anything special; I use the embedded certificate that comes with the installation of the firewall. No additional one created by me.

    Thanks for the QUIC stuff, I wasn't aware of it but now, I learned something :)

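An added example, not code from the thread or from Sophos, that triages denied flows the way the first reply suggests: it separates the UDP/443 denies that blocking QUIC is expected to produce (the TCP-allowed, UDP-denied pattern in example 3) from the remaining denies that point at rule order or the SNAT/DNAT rules. The key=value log lines and their field names are constructed for the sample, not the firewall's export format.

```python
import re
from collections import Counter

# Constructed sample log lines in a generic key=value style (not the exact
# Sophos export format); the fields are the ones discussed in the thread.
SAMPLE_LOG = """\
action=allow proto=TCP src=192.168.10.21 dst=203.0.113.5 dport=443 rule=Internet
action=deny proto=UDP src=192.168.10.21 dst=203.0.113.5 dport=443 rule=Default
action=deny proto=UDP src=192.168.10.22 dst=203.0.113.9 dport=443 rule=Default
action=allow proto=TCP src=192.168.10.22 dst=203.0.113.9 dport=80 rule=Internet
action=deny proto=UDP src=192.168.10.23 dst=198.51.100.7 dport=123 rule=Default
action=deny proto=TCP src=192.168.10.24 dst=198.51.100.8 dport=22 rule=Default
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value log line into a dict (field names are assumptions)."""
    return dict(FIELD_RE.findall(line))


def classify_denies(log_text, quic_blocked=True):
    """Group denied flows and separate expected QUIC drops from unexplained ones.

    Returns (quic_denies, other_denies), each a Counter keyed by (proto, dport).
    With QUIC blocking enabled, denied UDP/443 is the expected side effect;
    anything else deserves a look at rule order and the NAT rules.
    """
    quic = Counter()
    other = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("action") != "deny":
            continue
        key = (rec["proto"], int(rec["dport"]))
        if quic_blocked and key == ("UDP", 443):
            quic[key] += 1
        else:
            other[key] += 1
    return quic, other


if __name__ == "__main__":
    expected, unexplained = classify_denies(SAMPLE_LOG)
    print("expected (QUIC block):", dict(expected))
    print("investigate:", dict(unexplained))
```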
