
Any/Any rule still showing Violation in packet capture

What did I do wrong?



This thread was automatically locked due to age.
  • Hi,

    Thank you for reaching out to the community. May we know the reason for adding an any-to-any rule instead of a well-defined zone-to-zone rule?
    REF - Add a NAT rule

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • It was part of my attempt to create a more well-defined zone-to-zone rule. I am not familiar with the VoIP system; I inherited it from another MSP. I am replacing an old SonicWall with a Sophos, and these phones were not connecting. The phone server is on another VLAN. I added the any/any and they connected, so I was looking at the packet capture to narrow down what that well-defined zone-to-zone rule needed. When I added the new rules and turned off the any/any, the phones disconnected again. I turned off the new rules and re-enabled the any/any, and the phone was still getting blocked.

    I had to call into support, and after they did some troubleshooting they had to do some back end stuff using SSH to fix it. 

    Problem statement

    • Facing issues in VLAN communication. 

    Steps Taken

    • We checked that you were not able to connect to the PBX server, which is behind VLAN1:100.
    • SRC IP: 192.168.20.206 and PBX IP: 10.100.3.124
    • We could see the GUI PCAP, and in it the traffic is showing a violation with the reason "Firewall".
    • We also checked the drop and tcpdump; in the tcpdump we can see the traffic being forwarded from VLAN 1:20 to VLAN 1:100, but we were not receiving any response.
    • We flushed the conntrack entries for the DST IP.
    • After flushing the conntrack, the PBX server is now reachable and working fine.

    It is definitely frustrating that it would take something like this to fix the problem. How would someone like me, who has not studied and mastered the CLI, be able to figure this out? If I turn off or delete a rule using the GUI, I expect it to be turned off or deleted. The fact that any/any was still blocking something from a deleted rule is crazy.

    Sorry for the rant. 
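
The fix support applied (flushing the existing conntrack entries for the PBX address so the next packet is evaluated against the current rule set instead of the cached verdict) can be checked and reproduced from a Linux-style shell. The script below is an added example, not code from the thread and not Sophos's own tooling. It assumes the firewall's advanced shell exposes the standard conntrack-tools `conntrack` binary, reuses the PBX address quoted in the support notes, and filters a constructed `conntrack -L` sample so it can be run offline; the real flush only runs when `DRY_RUN=0` and needs root on the firewall.

```shell
#!/bin/sh
# Added example, not from the thread and not Sophos tooling. Assumes a Linux-based
# firewall whose advanced shell has the conntrack-tools binary `conntrack`.
# The PBX address is the one quoted in the support notes above.
PBX_IP="10.100.3.124"

# Constructed sample of `conntrack -L` output (not a real capture). Two SIP/RTP
# flows from the phone to the PBX are stuck [UNREPLIED]; one unrelated HTTPS flow
# is ESTABLISHED.
SAMPLE_CONNTRACK='udp      17 29 src=192.168.20.206 dst=10.100.3.124 sport=5060 dport=5060 [UNREPLIED] src=10.100.3.124 dst=192.168.20.206 sport=5060 dport=5060 mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.20.50 dst=10.100.3.10 sport=51234 dport=443 src=10.100.3.10 dst=192.168.20.50 sport=443 dport=51234 [ASSURED] mark=0 use=1
udp      17 170 src=192.168.20.206 dst=10.100.3.124 sport=10000 dport=10000 [UNREPLIED] src=10.100.3.124 dst=192.168.20.206 sport=10000 dport=10000 mark=0 use=1'

# Print the conntrack entries whose original-direction destination is $1.
# Reads `conntrack -L` output on stdin; only the first dst= field (original
# direction) is compared, so reply-direction matches are ignored.
entries_for_dst() {
    awk -v want="dst=$1" '
        { for (i = 1; i <= NF; i++) if (index($i, "dst=") == 1) { if ($i == want) print; next } }'
}

# Count the entries to $1 in the sample that never saw a reply. These are the
# stale flows that keep the old verdict alive after the rule is changed.
count_unreplied_for_dst() {
    printf '%s\n' "$SAMPLE_CONNTRACK" | entries_for_dst "$1" \
        | awk '/\[UNREPLIED\]/ { n++ } END { print n + 0 }'
}

# Flush every tracked flow whose original destination is $1 so the next packet
# is re-evaluated against the current rule set. Prints the commands unless
# DRY_RUN=0 and conntrack is present (deleting entries needs root).
flush_dst() {
    if [ "${DRY_RUN:-1}" = "0" ] && command -v conntrack >/dev/null 2>&1; then
        conntrack -L -d "$1"
        conntrack -D -d "$1"
    else
        printf 'conntrack -L -d %s\nconntrack -D -d %s\n' "$1" "$1"
    fi
}

# Stand-alone demo on the sample: show the stuck flows, then the flush commands.
printf '%s\n' "$SAMPLE_CONNTRACK" | entries_for_dst "$PBX_IP"
echo "unreplied flows to $PBX_IP: $(count_unreplied_for_dst "$PBX_IP")"
flush_dst "$PBX_IP"
```

Run `entries_for_dst` against live `conntrack -L` output first: if the phone-to-PBX flows show `[UNREPLIED]` while the GUI capture reports a firewall violation, the old verdict is being served from the tracked flow, and `DRY_RUN=0 ./script.sh` (or the two printed `conntrack` commands) clears only the flows to that destination rather than the whole table.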

  • Hi,

    if a device has an established connection, then disabling or deleting the rule will not drop the connection, this is from previous posts on similar subjects.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.
