Invalid Traffic + Invalid TCP destination port (dest_port="0")

Hello!

I searched the forum but didn't find any relevant information. It's about a Sophos XG210, connected to a few RED boxes.

A hardware terminal at a branch office, connected via RED, communicates with the software in the HQ via port 8015. Unfortunately, I just constantly get “invalid traffic”.

Here is an excerpt from the log - unfortunately I can't get any further:

2024-03-19 14:01:15 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" nat_rule_id="0" nat_rule_name="" policy_type="0" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="192.168.9.247" src_country="R1" dst_ip="172.16.1.26" dst_country="R1" protocol="TCP" src_port="8015" dst_port="0" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP destination port." appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"

Is this known to anyone? Do you have an idea where I can start? Thank you in advance!!

Best regards Olaf



  • Are you sure the terminal is functioning as expected? Firewall log shows source port being 8015 with destination port being 0.

    Dest. port 0 looks really strange to me. How is your firewall rule configured for the RED traffic? Can you share a screenshot of this rule?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
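
To see how often and between which endpoints the firewall logs this event, the key="value" log lines can be parsed and the "Invalid Traffic" denials grouped per flow, with port 0 flagged. This is an added example, not part of the thread's posts and not Sophos code; the sample lines are constructed (the first reuses values from the excerpt above) and the function names are hypothetical.

```python
import re
from collections import Counter

PAIR = re.compile(r'(\w+)="([^"]*)"')  # key="value" fields, as in the excerpt
FLOW_KEYS = ("src_ip", "src_port", "dst_ip", "dst_port", "message")

# Constructed sample, cut down to the fields used here. Line 1 copies values
# from the excerpt in the thread; lines 2 and 3 are made up for contrast.
SAMPLE = """\
2024-03-19 14:01:15 Firewall log_component="Invalid Traffic" status="Deny" src_ip="192.168.9.247" dst_ip="172.16.1.26" protocol="TCP" src_port="8015" dst_port="0" message="Invalid TCP destination port."
2024-03-19 14:01:45 Firewall log_component="Invalid Traffic" status="Deny" src_ip="192.168.9.247" dst_ip="172.16.1.26" protocol="TCP" src_port="8015" dst_port="0" message="Invalid TCP destination port."
2024-03-19 14:02:03 Firewall log_component="Firewall Rule" status="Allow" src_ip="10.0.0.5" dst_ip="10.0.0.9" protocol="TCP" src_port="51544" dst_port="443" message=""
"""


def parse(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(PAIR.findall(line))


def invalid_flows(lines):
    """Count 'Invalid Traffic' events per (src, sport, dst, dport, message)."""
    flows = Counter()
    for line in lines:
        fields = parse(line)
        if fields.get("log_component") == "Invalid Traffic":
            flows[tuple(fields.get(k, "") for k in FLOW_KEYS)] += 1
    return flows


def port_zero(flows):
    """Flows whose source or destination port is 0 (a reserved port)."""
    return [key for key in flows if "0" in (key[1], key[3])]


if __name__ == "__main__":
    flows = invalid_flows(SAMPLE.splitlines())
    flagged = port_zero(flows)
    for key, count in flows.most_common():
        mark = "  <-- port 0" if key in flagged else ""
        print(f"{count:3d}x {key[0]}:{key[1]} -> {key[2]}:{key[3]}  {key[4]}{mark}")
```
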
