invalid traffic 18.203.200.196 .....hydra.sophos.com

Our firewall XGS2100 (SFOS 19.5.2 MR-2-Build624) makes connections to:

18.203.200.196
utm-cloudstation-eu-west-1.prod.hydra.sophos.com

All denied with invalid traffic:

Firewall | 2023-05-20 15:34:01 | Invalid Traffic | Denied | N/A | 0 | 37.153.x | 18.203.200.196 | 19710 | 443 | TCP | 0 | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:01 | Invalid Traffic | Denied | N/A | 0 | 18.203.200.196 | 37.153.x | 443 | 19710 | TCP | 0 | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:00 | Invalid Traffic | Denied | N/A | 0 | 18.203.200.196 | 37.153.x | 443 | 19710 | TCP | 0 | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:00 | Invalid Traffic | Denied | N/A | 0 | 37.153.x | 18.203.200.196 | 19710 | 443 | TCP | 0 | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:00 | Invalid Traffic | Denied | N/A | 0 | 37.153.x | 18.203.200.196 | 19710 | 443 | TCP | 0 | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:00 | Invalid Traffic | Denied | N/A | 0 | 18.203.200.196 | 37.153.x | 443 | 19710 | TCP | 0 | Invalid TCP state. | 2

Is this by design?

Do I need to allow traffic?

2023-05-20 15:34:00 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" nat_rule_id="0" nat_rule_name="" policy_type="0" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="18.203.200.196" src_country="IRL" dst_ip="37.153.x" dst_country="NLD" protocol="TCP" src_port="443" dst_port="19710" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP state." appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"
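
A triage sketch for entries like the raw log line above, added here as an example and not part of the original post or any Sophos tooling: it parses the key="value" fields and groups "Invalid Traffic" denials by connection regardless of direction, so it is visible whether both sides of one session are being dropped. The sample lines are constructed and abbreviated, 203.0.113.10 stands in for the redacted WAN address, and log_occurrence is assumed to be a repeat count.

```python
import re
from collections import defaultdict

# Constructed sample, abbreviated to the fields used below. Field names follow
# the raw entry in the post; 203.0.113.10 is a placeholder for the WAN address.
SAMPLE_LOG = """\
log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" src_ip="203.0.113.10" dst_ip="18.203.200.196" protocol="TCP" src_port="19710" dst_port="443" message="Invalid TCP state." log_occurrence="1"
log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" src_ip="18.203.200.196" dst_ip="203.0.113.10" protocol="TCP" src_port="443" dst_port="19710" message="Invalid TCP state." log_occurrence="2"
log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" src_ip="203.0.113.10" dst_ip="198.51.100.7" protocol="TCP" src_port="40000" dst_port="443" message="" log_occurrence="1"
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs; values may be empty

def parse_line(line):
    """Return one log entry as a dict of its key="value" fields."""
    return dict(FIELD.findall(line))

def summarize_invalid(text):
    """Group 'Invalid Traffic' denials by connection, ignoring direction."""
    flows = defaultdict(lambda: {"occurrences": 0, "directions": set(), "messages": set()})
    for line in text.splitlines():
        e = parse_line(line)
        if e.get("log_component") != "Invalid Traffic":
            continue  # allowed traffic and other components are out of scope
        src = (e.get("src_ip", ""), e.get("src_port", ""))
        dst = (e.get("dst_ip", ""), e.get("dst_port", ""))
        # Sort the endpoints so request and reply land under the same key.
        key = (e.get("protocol", ""),) + tuple(sorted([src, dst]))
        flow = flows[key]
        # Assumption: log_occurrence is a repeat count; fall back to 1 if absent.
        occ = e.get("log_occurrence", "1")
        flow["occurrences"] += int(occ) if occ.isdigit() else 1
        flow["directions"].add(f"{src[0]}:{src[1]} -> {dst[0]}:{dst[1]}")
        flow["messages"].add(e.get("message", ""))
    return dict(flows)

def report(text):
    """Print one line per connection with its drop count and direction coverage."""
    for (proto, a, b), f in summarize_invalid(text).items():
        both = "both directions" if len(f["directions"]) == 2 else "one direction"
        print(f"{proto} {a[0]}:{a[1]} <-> {b[0]}:{b[1]}: "
              f"{f['occurrences']} drops, {both}, {sorted(f['messages'])}")

if __name__ == "__main__":
    report(SAMPLE_LOG)
```
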



  • Hi,

    there appears to be a network issue possibly with your WAN interface NIC. Normally a firewall rule is not required for access to the up2date servers because the connections are all done outside (WAN) to the user firewall configuration.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA


  • Hi,
    the workstation on LAN can make connection to the secure website 

    https[:]//utm-cloudstation-eu-west-1.prod.hydra.sophos.com
