An XGS 136 v20.0.2 has a PlayStation on the LAN zone.
The LAN zone has unlimited Internet Access but IPS is active and DPI is monitoring outgoing connections but is not decrypting anything.
This PlayStation was first run today and it started with a bunch of IPS alerts for
1190717013 | OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow | os-linux | Linux | Client
I allowed that signature and the IPS alerts are gone. But the user is complaining that he cannot load games.
Checking the logs I see many FW blocks for this device.
This is the same before and after putting such a firewall rule with no IPS and Web Checks on top of all:
2024-12-18 14:34:55 010202130 IP xxx.xxx.xxx.xxx.49324 > 23.53.43.187.443 : proto TCP: F 4091088217:4091088241(24) win 519 checksum : 65050
0x0000: 4500 004c 0000 4000 4006 febb c0a8 3858 E..L..@.@.....8X
0x0010: 1735 2bbb c0ac 01bb f3d9 0d59 e7b6 2352 .5+........Y..#R
0x0020: 8019 0207 fe1a 0000 0101 080a 9fad bbc9 ................
0x0030: 9871 2218 1703 0300 1312 7e72 0232 9205 .q".......~r.2..
0x0040: 6b9a c9ea 7e63 1292 b994 9616 k...~c......
Date=2024-12-18 Time=14:34:55 log_id=010202130 log_type=Firewall log_component=Invalid_Traffic log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev= inzone_id=0 outzone_id=0 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=xxx.xxx.xxx.xxx dest_ip=23.53.43.187 l4_protocol=TCP source_port=49324 dest_port=443 fw_rule_id=N/A policytype=0 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 connid=0 masterid=0 status=0 state=0, flag0=0 flags1=0 pbrid[0]=0 pbrid[1]=0 profileid[0]=0 profileid[1]=0
Any idea or workaround known for that situation?
Added TAGs
[edited by: Raphael Alganes at 1:49 PM (GMT -8) on 18 Dec 2024]
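For triage, the dropped packet in the hex dump above can be decoded offline. This is an added example, not part of the original post or Sophos tooling; the function names `dump_to_bytes` and `decode` are hypothetical, and the only input is the dump copied from the post.

```python
import re
import struct

# Hex dump copied verbatim from the post (offset, hex words, ASCII column).
DUMP = """\
0x0000: 4500 004c 0000 4000 4006 febb c0a8 3858 E..L..@.@.....8X
0x0010: 1735 2bbb c0ac 01bb f3d9 0d59 e7b6 2352 .5+........Y..#R
0x0020: 8019 0207 fe1a 0000 0101 080a 9fad bbc9 ................
0x0030: 9871 2218 1703 0300 1312 7e72 0232 9205 .q".......~r.2..
0x0040: 6b9a c9ea 7e63 1292 b994 9616 k...~c......
"""

TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def dump_to_bytes(dump):
    """Collect up to eight hex words per line, ignoring the ASCII column."""
    raw = bytearray()
    for line in dump.splitlines():
        m = re.match(r"\s*0x[0-9a-f]{4}:((?:\s(?:[0-9a-f]{2}){1,2}){1,8})", line, re.I)
        if m:
            raw += bytes.fromhex(m.group(1))
    return bytes(raw)

def decode(pkt):
    """Decode the IPv4 and TCP headers and, if present, the first TLS record header."""
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("not an IPv4/TCP packet")
    ihl = (ver_ihl & 0x0F) * 4
    sport, dport, seq, _, off_flags, win = struct.unpack("!HHIIHH", pkt[ihl:ihl + 16])
    # Cut at the IP total length so stray bytes after the packet are dropped.
    payload = pkt[ihl + (off_flags >> 12) * 4:total_len]
    info = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "sport": sport, "dport": dport, "seq": seq, "window": win,
            "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
            "payload_len": len(payload), "tls": None}
    # TLS record header: content type (1), version (2), length (2).
    if len(payload) >= 5 and payload[0] in (0x14, 0x15, 0x16, 0x17):
        rtype, rver, rlen = struct.unpack("!BHH", payload[:5])
        info["tls"] = {"type": rtype, "version": rver, "length": rlen}
    return info

if __name__ == "__main__":
    for key, value in decode(dump_to_bytes(DUMP)).items():
        print(f"{key:12} {value}")
```

The decode shows a FIN+PSH+ACK segment carrying one 24-byte TLS application-data record (type 0x17), where the one-line summary in the log prints only `F`.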