Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 7 subscribers
  • Views 2470 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Network firewall rule ignored. Packets drop by default rule (6002)

Antonio Bover

We are getting Default Drop for some traffic that should be allowed in Sophos UTM

Firmware version: 9.605-1

These rules are configured with the same public IP. 

Only traffic for rules 177 and 178 is being blocked

Firewall log shows this message:

2023:08:03-09:44:50 utm ulogd[4916]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth0" srcmac="02:8d:f2:17:73:d0" dstmac="02:50:85:4f:07:5c" srcip="10.27.34.109" dstip="163.166.x.x" proto="6" length="52" tos="0x00" prec="0x00" ttl="116" srcport="53855" dstport="8446" tcpflags="SYN" 

Does anyone know what could be happening for this dropped packets?

Thanks



This thread was automatically locked due to age.
Parents
  • +1

    Hello  , 

    Thank you for reaching out to the community, yes indeed this is a default drop for the dstport 8446, SYN packet. Can you please create a new firewall rule on the top and then check ?

    Rule 60002 generally means the traffic was not destined for Sophos UTM, no firewall rule matched that packet, and no transparent interception was applied. This is known as a "Default drop" because, by default, packets without matching firewall rules are dropped.

    To fix this issue, create a firewall rule matching the traffic's source, service, and destination. If transparent interception should apply, check that the source or destination host/network is not included on a transparent interception skip list.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Vivek Jagad

    Hi Vivek,

    Thanks for your reply. I created a new firewall rule on the top. It's a "user created rule" but there are many automatic (from server load balancing) rules that have a higher priority. My rule on the top gets the number 186 so it didn´t change anything. 

    Another question, how could I edit my first post? I forgot to remove the public IP Slight smile

    Thanks,

    Regards

Reply
  • 0 in reply to Vivek Jagad

    Hi Vivek,

    Thanks for your reply. I created a new firewall rule on the top. It's a "user created rule" but there are many automatic (from server load balancing) rules that have a higher priority. My rule on the top gets the number 186 so it didn´t change anything. 

    Another question, how could I edit my first post? I forgot to remove the public IP Slight smile

    Thanks,

    Regards

Children
Unfiltered HTML