Hello!
I searched the forum but didn't find any relevant information. It's about a Sophos XG210, connected to a few RED boxes.
A hardware terminal at a branch office, connected via RED, communicates with the software in the HQ via port 8015. Unfortunately, I just constantly get “invalid traffic”.
Here is an excerpt from the log - unfortunately I can't get any further:
2024-03-19 14:01:15Firewallmessageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" nat_rule_id="0" nat_rule_name="" policy_type="0" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="192.168.9.247" src_country="R1" dst_ip="172.16.1.26" dst_country="R1" protocol="TCP" src_port="8015" dst_port="0" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP destination port." appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"
Is this known to anyone? Do you have an idea where I can start? Thank you in advance!!
Best regards Olaf
Added TAGs
[edited by: Erick Jan at 1:37 PM (GMT -7) on 19 Mar 2024]
