I need some advice to point me in the right direction. I discovered some NetBIOS packets in 2 of our local networks. These seem to be forwarded by our UTM. Because of the name I discovered the source of these. It's a NAS device in a foreign network. This network and ours are connected through a RED Tunnel.
But why is the UTM forwarding these? And more importantly, how to stop that? I tried firewall rules, but that didn't work.
Hi Alexander Busch,
Thanks for reaching out to the Community!
Can you show us the firewall rule that you configured to block NetBIOS?
I would suggest you try to configure the rule to block NetBIOS to the interface's broadcast address and check if that helps.
Community Support Engineer | Sophos Technical Support
This is a forum with no claim to answers; still, I would appreciate a response.
The firewall rule looks correct to me. Did you check the packet-filter logs on the UTM?
Yes, I looked in the packetfilter log. No matching packet for the matching srcip or these dstip found. A few packets with dstport 137 from other srcip found, so logging in general is working. But these were all correctly dropped, because of 60001 or 60002.
Any hint for a further direction?