Invalid Traffic + Invalid TCP destination port (dest_port="0")

Hello!

I searched the forum but didn't find any relevant information. It's about a Sophos XG210, connected to a few RED boxes.

A hardware terminal at a branch office, connected via RED, communicates with the software in the HQ via port 8015. Unfortunately, I just constantly get “invalid traffic”.

Here is an excerpt from the log - unfortunately I can't get any further:

2024-03-19 14:01:15 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" nat_rule_id="0" nat_rule_name="" policy_type="0" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="192.168.9.247" src_country="R1" dst_ip="172.16.1.26" dst_country="R1" protocol="TCP" src_port="8015" dst_port="0" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP destination port." appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"

Is this known to anyone? Do you have an idea where I can start? Thank you in advance!!

Best regards Olaf



  • Are you sure the terminal is functioning as expected? Firewall log shows source port being 8015 with destination port being 0.

    Dest. port 0 looks really strange to me. How is your firewall rule configured for the RED traffic? Can you share a screenshot of this rule?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hello everyone,

    Thank you very much for your support - I completely rebuilt the rules and could no longer find the error.

    Unfortunately, the error cannot be reproduced in this way.
    The topic has been resolved for me for now.

    Best regards
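
The comparison made in the first reply (source port 8015 against destination port 0) can be run over an exported log to see how often and between which hosts it occurs. This is an added example, not part of the original thread; the function names are hypothetical and the sample lines are constructed, with only the first two reusing values quoted in the post.

```python
import re
from collections import Counter

# Constructed sample in the key="value" layout of the excerpt above, trimmed to
# a few fields. The first two lines reuse the values quoted in the post.
SAMPLE_LOG = """\
log_component="Invalid Traffic" status="Deny" src_ip="192.168.9.247" dst_ip="172.16.1.26" protocol="TCP" src_port="8015" dst_port="0" message="Invalid TCP destination port."
log_component="Invalid Traffic" status="Deny" src_ip="192.168.9.247" dst_ip="172.16.1.26" protocol="TCP" src_port="8015" dst_port="0" message="Invalid TCP destination port."
log_component="Firewall Rule" status="Allow" src_ip="10.0.0.5" dst_ip="10.0.1.9" protocol="TCP" src_port="51544" dst_port="8015" message=""
log_component="Invalid Traffic" status="Deny" src_ip="10.0.0.5" dst_ip="10.0.1.9" protocol="ICMP" src_port="0" dst_port="0" message=""
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Turn one key="value" log line into a dict of strings."""
    return dict(FIELD_RE.findall(line))


def port_zero_denials(log_text, service_port):
    """Count Invalid Traffic TCP/UDP entries that carry a zero port, per flow.

    Each key also records on which side service_port appears, the detail
    the reply compares (source port vs. destination port).
    """
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("log_component") != "Invalid Traffic":
            continue
        if f.get("protocol") not in ("TCP", "UDP"):
            continue  # port fields are meaningless for other protocols
        sport = int(f.get("src_port") or 0)
        dport = int(f.get("dst_port") or 0)
        if sport and dport:
            continue  # both ports non-zero: not the case discussed here
        side = ("source" if sport == service_port
                else "destination" if dport == service_port else "neither")
        hits[(f.get("src_ip"), sport, f.get("dst_ip"), dport, side)] += 1
    return hits


if __name__ == "__main__":
    for flow, count in port_zero_denials(SAMPLE_LOG, 8015).items():
        print(count, flow)
```
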
