
Invalid Traffic + Invalid TCP destination port (dest_port="0")

Hello!

I searched the forum but didn't find any relevant information. It's about a Sophos XG210, connected to a few RED boxes.

A hardware terminal at a branch office, connected via RED, communicates with the software in the HQ via port 8015. Unfortunately, I just constantly get “invalid traffic”.

Here is an excerpt from the log - unfortunately I can't get any further:

2024-03-19 14:01:15 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" nat_rule_id="0" nat_rule_name="" policy_type="0" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="192.168.9.247" src_country="R1" dst_ip="172.16.1.26" dst_country="R1" protocol="TCP" src_port="8015" dst_port="0" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP destination port." appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"

Is this known to anyone? Do you have an idea where I can start? Thank you in advance!!

Best regards Olaf



Added TAGs
[edited by: Erick Jan at 1:37 PM (GMT -7) on 19 Mar 2024]
  • Are you sure the terminal is functioning as expected? Firewall log shows source port being 8015 with destination port being 0.

    Dest. port 0 looks really strange to me. How is your firewall rule configured for the RED traffic? Can you share a screenshot of this rule?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
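
A triage helper for log lines in the key="value" format shown in the question, added here as an example (it is not part of the thread and not Sophos code). It parses each line, totals denied "Invalid Traffic" entries per flow, and picks out the flows where a port is 0; the sample lines are constructed and shortened to the fields used, and all function names are hypothetical.

```python
import re
from collections import Counter

PAIR = re.compile(r'(\w+)="([^"]*)"')  # key="value" pairs as in the excerpt

# Constructed sample lines, shortened to the fields this example reads.
SAMPLE = [
    '2024-03-19 14:01:15 log_component="Invalid Traffic" status="Deny" '
    'src_ip="192.168.9.247" dst_ip="172.16.1.26" protocol="TCP" src_port="8015" '
    'dst_port="0" message="Invalid TCP destination port." log_occurrence="1"',
    '2024-03-19 14:01:20 log_component="Invalid Traffic" status="Deny" '
    'src_ip="192.168.9.247" dst_ip="172.16.1.26" protocol="TCP" src_port="8015" '
    'dst_port="0" message="Invalid TCP destination port." log_occurrence="2"',
    '2024-03-19 14:02:00 log_component="Invalid Traffic" status="Deny" '
    'src_ip="10.0.0.5" dst_ip="10.0.0.9" protocol="TCP" src_port="44321" '
    'dst_port="443" message="constructed message" log_occurrence="1"',
    '2024-03-19 14:02:05 log_component="Firewall Rule" status="Allow" '
    'src_ip="10.0.0.5" dst_ip="10.0.0.9" protocol="TCP" src_port="44322" '
    'dst_port="443" message="" log_occurrence="1"',
]

def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(PAIR.findall(line))

def invalid_flows(lines):
    """Total denied 'Invalid Traffic' entries per flow, honouring log_occurrence."""
    flows = Counter()
    for line in lines:
        f = parse_line(line)
        if f.get("log_component") != "Invalid Traffic" or f.get("status") != "Deny":
            continue
        key = (f.get("protocol"), f.get("src_ip"), int(f.get("src_port") or 0),
               f.get("dst_ip"), int(f.get("dst_port") or 0), f.get("message"))
        flows[key] += int(f.get("log_occurrence") or 1)
    return flows

def port_zero_flows(flows):
    """Keep only flows whose source or destination port is 0 (a reserved port)."""
    return {k: n for k, n in flows.items() if k[2] == 0 or k[4] == 0}

if __name__ == "__main__":
    for flow, count in port_zero_flows(invalid_flows(SAMPLE)).items():
        print(count, flow)
```

Run over an exported log, the per-flow totals show whether the port-0 denials come from a single source and source port, which is the detail the reply above asks about.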
