
This discussion has been locked.

invalid traffic 18.203.200.196 .....hydra.sophos.com

Our firewall XGS2100 (SFOS 19.5.2 MR-2-Build624) makes connections to:

18.203.200.196
utm-cloudstation-eu-west-1.prod.hydra.sophos.com

All denied with invalid traffic.

Firewall | 2023-05-20 15:34:01 | Invalid Traffic | Denied | N/A | 0 | 37.153.x | 18.203.200.196 | 19710 | 443 | TCP | 0 | Open PCAP | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:01 | Invalid Traffic | Denied | N/A | 0 | 18.203.200.196 | 37.153.x | 443 | 19710 | TCP | 0 | Open PCAP | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:00 | Invalid Traffic | Denied | N/A | 0 | 18.203.200.196 | 37.153.x | 443 | 19710 | TCP | 0 | Open PCAP | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:00 | Invalid Traffic | Denied | N/A | 0 | 37.153.x | 18.203.200.196 | 19710 | 443 | TCP | 0 | Open PCAP | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:00 | Invalid Traffic | Denied | N/A | 0 | 37.153.x | 18.203.200.196 | 19710 | 443 | TCP | 0 | Open PCAP | Invalid TCP state. | 1
Firewall | 2023-05-20 15:34:00 | Invalid Traffic | Denied | N/A | 0 | 18.203.200.196 | 37.153.x | 443 | 19710 | TCP | 0 | Open PCAP | Invalid TCP state. | 2

Is this by design?

Do I need to allow traffic?

2023-05-20 15:34:00 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" nat_rule_id="0" nat_rule_name="" policy_type="0" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="18.203.200.196" src_country="IRL" dst_ip="37.153.x" dst_country="NLD" protocol="TCP" src_port="443" dst_port="19710" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP state." appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"
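As an added example (not part of the original post and not Sophos code), this Python sketch parses records in the key="value" layout of the log line above and groups Invalid Traffic denials by connection, showing whether the denials belong to one TCP connection seen from both ends. The sample records are constructed, and 203.0.113.10 and 198.51.100.7 are placeholder addresses.

```python
import re
from collections import defaultdict

# Constructed sample records (not real logs). 203.0.113.10 stands in for the
# masked WAN address; only the fields the summary needs are included.
_BASE = '2023-05-20 15:34:00 Firewall log_component="{c}" log_subtype="{s}" '
_FLOW = ('src_ip="{a}" dst_ip="{b}" protocol="TCP" src_port="{ap}" '
         'dst_port="{bp}" message="{m}" log_occurrence="{n}"')

def _rec(c, s, a, ap, b, bp, m, n):
    return (_BASE + _FLOW).format(c=c, s=s, a=a, ap=ap, b=b, bp=bp, m=m, n=n)

SAMPLE = [
    _rec("Invalid Traffic", "Denied", "203.0.113.10", 19710,
         "18.203.200.196", 443, "Invalid TCP state.", 1),
    _rec("Invalid Traffic", "Denied", "18.203.200.196", 443,
         "203.0.113.10", 19710, "Invalid TCP state.", 2),
    _rec("Invalid Traffic", "Denied", "198.51.100.7", 51000,
         "203.0.113.10", 8443, "Invalid TCP state.", 1),
    _rec("Firewall Rule", "Allowed", "203.0.113.10", 40000,
         "18.203.200.196", 443, "", 1),
]

PAIR = re.compile(r'(\w+)="([^"]*)"')

def parse(line):
    """Turn one key="value" log record into a dict."""
    return dict(PAIR.findall(line))

def summarize(lines):
    """Group Invalid Traffic denials by direction-independent connection."""
    flows = defaultdict(lambda: {"events": 0, "senders": set(), "messages": set()})
    for line in lines:
        rec = parse(line)
        if rec.get("log_component") != "Invalid Traffic":
            continue  # only the denials in question
        a = (rec["src_ip"], int(rec["src_port"]))
        b = (rec["dst_ip"], int(rec["dst_port"]))
        key = (rec["protocol"], *sorted((a, b)))  # same key for both directions
        flows[key]["events"] += int(rec.get("log_occurrence") or 1)
        flows[key]["senders"].add(a)
        flows[key]["messages"].add(rec.get("message", ""))
    return dict(flows)

def bidirectional(flows):
    """Connections where both endpoints had packets denied."""
    return sorted(k for k, v in flows.items() if len(v["senders"]) == 2)

if __name__ == "__main__":
    for key, info in summarize(SAMPLE).items():
        print(key, info["events"], sorted(info["messages"]))
```

A connection listed by `bidirectional()` is a single port pair with packets denied from both ends, as in the entries above, rather than many unrelated sources or ports.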



  • The first question is: Do you have any kind of problems within your network? Or is this just a "question"?

    Because I am always disabling the Invalid Traffic logging. It is not useful to me.
