
Sophos Firewall tcpdump showing duplicate packets which were not sent by the client

Hi community,

While troubleshooting an issue with a webservice on an internal network I found out after a packet capture on both the client and the Sophos Firewall (unable to capture on the webservice device) that the Sophos Firewall captures packets which seem not to be sent from the client (duplicate packets).

To make sure that another component in the network set-up was not causing this, I connected the client directly on a free port on the Sophos Firewall. The same for the webservice, I connected it as well on a free port on the Sophos Firewall. The Sophos Firewall is still showing duplicate packets.

Wireshark capture on the client:

 

Tcpdump on the Sophos Firewall:

 

It seems like the Sophos Firewall is duplicating the packets. Unfortunately I cannot confirm whether the duplicate packets indeed get sent to the webservice, but it seems to me that this is not normal behavior, as it must have some sort of performance impact on the client-server or the firewall server.

 Has anybody seen this behavior as well?



Added TAGs
[edited by: Erick Jan at 1:13 PM (GMT -7) on 5 Sep 2024]
  • That's OK.

    You can see the packet at different layers ...

    Example: you see the packet on the physical interface including the VLAN tag, afterwards within the VLAN interface untagged (and I at the LAG-Interface too ... I see it 3 times ...)

    You may drill into the details and find these little differences. (sequence number, ports and so on are the same ... Wireshark says "duplicate")


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
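
Added example, not part of the original thread: one way to check whether "duplicates" in a firewall capture are the same packet seen at different interface layers, by stripping the 802.1Q tag and Ethernet padding and comparing the IP packet itself. The interface names, MAC addresses, IP addresses and frames below are constructed for illustration.

```python
import hashlib
import struct
from collections import defaultdict

def l3_key(frame: bytes):
    """Strip Ethernet II / 802.1Q framing; return (vlan_id or None, hash of the IP packet)."""
    ethertype, offset, vlan = struct.unpack("!H", frame[12:14])[0], 14, None
    if ethertype == 0x8100:                       # 802.1Q tag present
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, offset = tci & 0x0FFF, 18
    l3 = frame[offset:]
    if ethertype == 0x0800 and len(l3) >= 20:     # IPv4: cut off Ethernet padding
        l3 = l3[:struct.unpack("!H", l3[2:4])[0]]
    return vlan, hashlib.sha256(l3).hexdigest()[:12]

def classify(captures):
    """captures: [(interface, frame_bytes)] -> {packet_hash: (verdict, [(interface, vlan)])}"""
    groups = defaultdict(list)
    for iface, frame in captures:
        vlan, key = l3_key(frame)
        groups[key].append((iface, vlan))
    report = {}
    for key, seen in groups.items():
        if len(seen) == 1:
            verdict = "unique"
        elif len(set(seen)) == len(seen):         # every copy from a different layer
            verdict = "one packet seen at several capture points"
        else:                                     # identical copy at the same layer
            verdict = "repeated at the same capture point"
        report[key] = (verdict, seen)
    return report

# --- constructed sample data (hypothetical MACs, addresses and interface names) ---
def ipv4_tcp(ip_id, seq):
    tcp = struct.pack("!HHIIBBHHH", 51000, 443, seq, 0, 5 << 4, 0x02, 64240, 0, 0)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), ip_id, 0x4000, 64, 6, 0,
                       bytes([10, 0, 10, 5]), bytes([10, 0, 20, 8])) + tcp

MACS = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
pkt_a, pkt_b = ipv4_tcp(0x1234, 1000), ipv4_tcp(0x1235, 1001)
SAMPLE = [
    ("Port1", MACS + struct.pack("!HHH", 0x8100, 10, 0x0800) + pkt_a),  # tagged, physical port
    ("Port1.10", MACS + struct.pack("!H", 0x0800) + pkt_a + bytes(6)),  # untagged + padding
    ("Port1.10", MACS + struct.pack("!H", 0x0800) + pkt_b),
    ("Port1.10", MACS + struct.pack("!H", 0x0800) + pkt_b),             # same place twice
]

if __name__ == "__main__":
    for key, (verdict, seen) in classify(SAMPLE).items():
        print(key, verdict, seen)
```

Copies that differ only in interface or VLAN tag match the layered-capture explanation above; a packet repeated with identical encapsulation at one capture point is the case worth a closer look.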
