
LAN and bridge WiFi are not behaving the same

We are encountering a weird issue:

We are using a financial Windows application. This application suddenly couldn't connect to the service anymore when using the regular LAN connection.
Switching to the WiFi (removing the notebook from the DELL docking station) immediately let the application connect.

I realize that the notebook has two IP addresses: 192.168.1.50 and 192.168.1.51

But I also realize that the WiFi SSID/Network is simply bridged and there is no difference for me in having 50 or 51 as everything is within range.

Firewall shows no block. IDP shows no block. Content Filter shows no block.

Any ideas to help me understand why LAN isn't behaving the same as bridged WIFI?

System is UTM9 / 9.508-10

  • I think it is a Windows routing problem. Have you tried disabling WiFi while you are connected via LAN?

  • We disconnected the WiFi from the AP so there was no IP or route. It's still weird.

    We also have a Web Protection log entry that we do not understand:

    2018:04:11-10:09:55 sg330a-2 httpproxy[22827]: id="0002" severity="info" sys="SecureWeb" sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.17.50.54" dstip="159.220.1.32" user="" group="" ad_domain="" statuscode="500" cached="0" profile="REF_HttProContaLanzhNetwo (wfp_surfing)" filteraction="REF_DefaultHTTPCFFAction (CFA protect (default))" size="230" request="0xb3b18000" url="https://emea1.streaming.cp.thomsonreuters.com/" referer="" error="Connection timed out" authtime="0" dnstime="4" cattime="0" avscantime="0" fullreqtime="127202010" device="0" auth="0" ua="" exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,fileextension,patience"

    The web request is blocked.

    Then there is an error "Connection timed out"

    There are also exceptions in place, including "content".

    Why is this blocked on the LAN interface but not on the WiFi Interface?

  • You have to check the profiles in the web filter then.

  • Still, it won't explain the different behaviour of wired and wireless connections.

    I realize that the notebook has two IP addresses: 192.168.1.50 and 192.168.1.51
    But I also realize that the WiFi SSID/Network is simply bridged and there is no difference for me in having 50 or 51 as everything is within range.

  • Absolutely with you. The AP is just a hub at this point.

  • Do you have only one internal interface in UTM? Because this is very strange. If you have only one (no LAG or bridge) and that internal interface is under the web profile or firewall rules, consider checking your PC for any firewall rules. Check the gateway on the PC LAN too, because Windows sometimes doesn't allow configuring the same gateway on two interfaces. In your logs I don't see any internal IPs relating to this behavior.

  • Since the line from the log shows 172.17.x.y, your laptop doesn't get 192.168.1.y and 192.168.1.z, does it?  Does your access hit the same Profile when you disconnect from the LAN?  Maybe show us the line from a successful access...

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
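
    The two things asked for above, the meaning of the blocked log entry and a side-by-side look at a successful access line, can be checked with a small parser for the UTM httpproxy key="value" format. This is an added example, not code from Sophos or from anyone in this thread; both log lines are constructed (the "pass" line assumes allowed requests are logged with action="pass", and its profile name is made up), and the block-vs-timeout classification is a heuristic reading of the fields, not documented UTM behaviour.

```python
import re

# UTM httpproxy lines carry key="value" pairs; values may contain spaces and commas.
_KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed samples modelled on the entry quoted in the thread (not real captures).
# The "allowed" line assumes action="pass" for permitted requests; its profile is made up.
BLOCKED_LINE = (
    '2018:04:11-10:09:55 sg330a-2 httpproxy[22827]: id="0002" severity="info" sys="SecureWeb" '
    'sub="http" name="web request blocked" action="block" method="CONNECT" srcip="172.17.50.54" '
    'dstip="159.220.1.32" statuscode="500" profile="REF_HttProContaLanzhNetwo (wfp_surfing)" '
    'filteraction="REF_DefaultHTTPCFFAction (CFA protect (default))" '
    'url="https://emea1.streaming.cp.thomsonreuters.com/" error="Connection timed out" '
    'exceptions="av,sandbox,auth,content,url,ssl,certcheck,certdate,mime,fileextension,patience"'
)
ALLOWED_LINE = (
    '2018:04:11-10:12:01 sg330a-2 httpproxy[22827]: id="0001" severity="info" sys="SecureWeb" '
    'sub="http" name="http access" action="pass" method="CONNECT" srcip="192.168.1.51" '
    'dstip="159.220.1.32" statuscode="200" profile="REF_HttProExample (wifi_example)" '
    'filteraction="REF_DefaultHTTPCFFAction (CFA protect (default))" '
    'url="https://emea1.streaming.cp.thomsonreuters.com/" error="" exceptions=""'
)

def parse_httpproxy_line(line):
    """Return the key="value" fields of one line as a dict (exceptions as a list)."""
    fields = dict(_KV_RE.findall(line))
    fields["exceptions"] = [e for e in fields.get("exceptions", "").split(",") if e]
    return fields

def classify(fields):
    """Heuristic triage: policy block vs. an upstream failure the proxy logged as a block."""
    if fields.get("action") != "block":
        return "not-blocked"
    if fields.get("error"):  # e.g. "Connection timed out" together with statuscode 500
        return "upstream-error"
    return "policy-block"

COMPARE_KEYS = ("srcip", "dstip", "profile", "filteraction", "exceptions", "statuscode", "error")

def diff_requests(blocked, allowed, keys=COMPARE_KEYS):
    """Fields that differ between a blocked and a successful access to the same URL."""
    return {k: (blocked.get(k), allowed.get(k)) for k in keys if blocked.get(k) != allowed.get(k)}

if __name__ == "__main__":
    b, a = parse_httpproxy_line(BLOCKED_LINE), parse_httpproxy_line(ALLOWED_LINE)
    print("blocked line classified as:", classify(b))
    for key, (was, now) in diff_requests(b, a).items():
        print(f"{key}: blocked={was!r} allowed={now!r}")
```

    A differing profile or srcip between the two lines is exactly the "does your access hit the same Profile" question above; an upstream-error classification points away from the category/content rules and towards the proxy failing to reach the destination.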
  • Fortunately (and unfortunately) we were able to resolve the situation by adjusting the Webfilter. As in our opinion the behaviour was erratic, we won't be able to reproduce it as the user is very happy that the broker system is working again.

    At the end of the day it looks like Web Filtering was the culprit. We still don't understand WHY, as switching from WiFi to wired always immediately solved it.

    If this or something similar happens again, I will further track and document it.