
Sophos SG310 - Interpreting Dropped Packets in Firewall Log

We have a Sophos SG310 Firmware v9.714-4. I am trying to figure out some issues and have been reviewing the firewall log but I'm unable to figure something out.

Below is an example of a dropped packet listed in the Firewall log.

2023:02:24-01:14:33 utm-wi01-1 ulogd[13185]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth0" threatname="C2/Generic-A" srcmac="00:2c:c8:fb:0e:80" dstmac="00:1a:8c:f0:03:c0" srcip="172.16.1.17" dstip="195.133.40.15" proto="17" length="78" tos="0x00" prec="0x00" ttl="127" srcport="137" dstport="137"

The item I'm having problems with is the "fwrule". I haven't been able to figure out or find how to translate the fwrule number (in this case 63001) to match up with the rules listed on the SG310. Is there a secret decoder ring?

I'm sure it's something obvious but so far I'm stumped.


