Internet traffic sometimes denied

Hello all,

I have a little issue with some internet traffic getting denied by my Sophos firewall, but I can't understand why.

Example 1:

Some traffic from an internal computer to the Internet doesn't match anything, even though my Internet access rule is: source LAN zone, any host, any service; destination any zone, any destination, any service (details of the Internet rule below):

Example 2:

Exactly the same kind, but some traffic is going through and some is denied. I didn't make any changes between these logs:

Example 3:

In this last example, I see that most TCP packets are allowed, but UDP is not.

But my Internet access rule doesn't filter on TCP only:

Internet FW rule details:

Do you guys have any ideas?

Thanks



This thread was automatically locked due to age.
  • Hi,

    that firewall rule will use the web proxy, so a NAT rule does not come into effect.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Where do you see that the Internet firewall rule uses the web proxy? Because of the QUIC block option? Or is everything in the Web Filtering section considered as web proxy?

  • Webfilter == web proxy

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • I tried disabling all functions under the Web Filtering section, but I still have this kind of denied traffic:

    I don't get why it doesn't match my Internet FW rule. The strange thing is that it doesn't even match a Drop rule that I created at the bottom with logging, to try to see all blocked traffic going through my gateway.

    What is this NAT rule 0? In the NAT section the first rule starts at 1.

  • Hi,

    you are chasing dead connections, e.g. the connection has been closed by one end and the other is sending cleanup traffic which the firewall cannot associate with any current active connection.

    You can disable that traffic from being logged.

    Ian

    XG115W - v20.0.1 MR-1 - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.
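Added illustration of the point Ian makes above (a constructed model written for this page, not SFOS code and not posted by anyone in the thread): a stateful firewall looks each packet up in its connection table before it consults the rule table. A packet that belongs to a connection which has already aged out of that table, and that cannot open a new one (a TCP segment without SYN), is rejected at that first step, so it is logged against no rule and never reaches the bottom drop rule. The rule ID 0 used for that case, the idle timeouts, the zone mapping and the sample 5-tuples are all assumptions chosen for the demo, not SFOS defaults.

```python
from dataclasses import dataclass

TCP, UDP = "TCP", "UDP"
INVALID_RULE_ID = 0   # assumption: "rule 0" marks a packet dropped before rule evaluation


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    t: float                           # arrival time in seconds
    flags: frozenset = frozenset()     # TCP flags, e.g. frozenset({"SYN"})


@dataclass(frozen=True)
class Rule:
    rid: int
    action: str                        # "allow" or "drop"
    src_zone: str                      # "LAN", "WAN" or "ANY"
    proto: str = "ANY"


class StatefulFirewall:
    """Constructed model: connection-table lookup first, rule table only for new flows."""

    # Illustrative idle timeouts (seconds); these are not the real SFOS values.
    TIMEOUTS = {TCP: 3600.0, UDP: 60.0, "CLOSING": 10.0}

    def __init__(self, rules, zone_of):
        self.rules = rules
        self.zone_of = zone_of         # ip -> zone; unknown addresses count as WAN
        self.conntrack = {}            # flow key -> [state, last_seen, rule id]
        self.log = []                  # (action, rule id, reason, packet)

    @staticmethod
    def _fwd(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _rev(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _expire(self, now):
        # Drop table entries that have been idle longer than their timeout.
        for k, (state, seen, _) in list(self.conntrack.items()):
            limit = self.TIMEOUTS["CLOSING"] if state == "CLOSING" else self.TIMEOUTS[k[0]]
            if now - seen > limit:
                del self.conntrack[k]

    def _lookup_rules(self, p):
        zone = self.zone_of.get(p.src, "WAN")
        for r in self.rules:           # first match wins, top to bottom
            if r.src_zone in (zone, "ANY") and r.proto in (p.proto, "ANY"):
                return r
        return None

    def handle(self, p):
        self._expire(p.t)
        for key in (self._fwd(p), self._rev(p)):
            if key in self.conntrack:  # part of a tracked flow: no rule lookup
                entry = self.conntrack[key]
                if p.flags & {"FIN", "RST"}:
                    entry[0] = "CLOSING"
                entry[1] = p.t
                self.log.append(("allow", entry[2], "established", p))
                return "allow", entry[2]
        # No tracked flow. Only a bare SYN (or any UDP datagram) may open one;
        # anything else is stray traffic and never reaches the rule table.
        opens_flow = p.proto == UDP or p.flags == frozenset({"SYN"})
        if not opens_flow:
            self.log.append(("deny", INVALID_RULE_ID, "invalid: no matching connection", p))
            return "deny", INVALID_RULE_ID
        rule = self._lookup_rules(p)
        if rule is None or rule.action == "drop":
            rid = rule.rid if rule else INVALID_RULE_ID
            self.log.append(("deny", rid, "rule", p))
            return "deny", rid
        self.conntrack[self._fwd(p)] = ["OPEN", p.t, rule.rid]
        self.log.append(("allow", rule.rid, "new flow", p))
        return "allow", rule.rid


def demo():
    """Replays a constructed LAN -> Internet TCP session, a late ACK after the
    connection aged out of the table, and an unsolicited SYN from outside.
    Returns the per-packet (action, rule id) verdicts."""
    rules = [Rule(1, "allow", "LAN"),       # the "Internet" rule: LAN, any host, any service
             Rule(2, "drop", "ANY")]        # bottom catch-all drop rule with logging
    fw = StatefulFirewall(rules, {"192.0.2.10": "LAN"})
    lan, web = "192.0.2.10", "198.51.100.7"
    flow = dict(src=lan, dst=web, proto=TCP, sport=51000, dport=443)
    return [
        fw.handle(Packet(**flow, t=0.0, flags=frozenset({"SYN"}))),          # opens flow via rule 1
        fw.handle(Packet(src=web, dst=lan, proto=TCP, sport=443, dport=51000,
                         t=0.1, flags=frozenset({"SYN", "ACK"}))),            # reply on tracked flow
        fw.handle(Packet(**flow, t=0.2, flags=frozenset({"ACK"}))),
        fw.handle(Packet(**flow, t=5.0, flags=frozenset({"FIN", "ACK"}))),    # client closes
        fw.handle(Packet(**flow, t=30.0, flags=frozenset({"ACK"}))),          # cleanup after expiry
        fw.handle(Packet(src="203.0.113.5", dst=lan, proto=TCP, sport=4000,
                         dport=22, t=31.0, flags=frozenset({"SYN"}))),         # hits drop rule 2
    ]
```

The last two verdicts are the contrast the thread is about: the unsolicited SYN is evaluated against the rule table and is logged by the bottom drop rule (rule 2), whereas the late ACK for the already-closed session is rejected by connection tracking and shows up with rule ID 0, which is why no firewall rule, not even a logging catch-all at the bottom, ever matches it.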
