Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 7 subscribers
  • Views 975 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos UTM 9 - Support/Advanced/Lan Connections - not accurrate

Jason Brainerd1

The lan connections tab does not appear to be showing all information.  I see a lot of information that appears to be accurate, but some things are missing.  To test things I have made 4 different remote desktop connections to servers outside my office.  None of those connections show up in the list.  I join a Minecraft server but the connection still doesn't show up.  

I can see the connections in the firewall logs, but I'm concerned that I'm not getting an accurate overview of my live connections.  

Am I missing something?  Or does the Lan Connections tab not give the info I'm looking for?

Thanks



This thread was automatically locked due to age.
  • 0

    I think you only see connections from/to firewall.

    PacketFilter connections are permitted or forbitten, but not cennected to the FW.

    Within my devices i see Webadmin connections, LDAP from FW to LDAP servers and proxy-connections.

    All these are terminalted/initiated by the firewall.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to dirkkotte

    Upon closer inspection of the traffic it's actually only really showing me connections on ports 80 and 443.  I'm not seeing anything on any other port. 

    So I have to ask - is there a way for me to see all live connections coming in (being forwarded to something internal) and connections going out (to everything on every port number)?

  • 0 in reply to Jason Brainerd1

    not on per packet basis ... i think.

    You will see the traffic per session. But not the amount of traffic.
    To check all traffic you may capture the traffic (tcpdump at NetScaler or switch-port mirroring) or you use netflow/ IPFIX .


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • 0 in reply to Jason Brainerd1

    Many years ago, member Goldy posted the following:

    Concurrent Connections:
    # sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=86400

    number of established connections:
    # less /proc/net/ip_conntrack | grep ESTA | wc -l

    number of all connections:
    # less /proc/net/ip_conntrack | wc -l

    number of connections with status WAIT (close_wait):
    # less /proc/net/ip_conntrack | grep WAIT | wc -l

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML