This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Cluster SG210 - NAT Regel funktioniert nicht mehr

Hallo,

Firmwareversion:

9.707-5

wir haben 2 Sophos SG210 im Einsatz und seit einiger Zeit habe ich festgestellt, dass mindestens eine NAT Regel nicht mehr funktioniert und zwar die Regel lautet so:

Any

TCP Port 2083 - Zielport 2083 - Quellport 1:65535

WAN Adresse

Server

TCP Port 2083 - Zielport 2083 - Quellport 1:65535

Automatische Firewallregel ist aktiv.

Ich habe die Regel sogar manuell angelegt aber hat auch nichts gebracht.

Der Log Protokoll sagt folgendes:

14:45:14

Standard-VERWERFEN

TCP

95.130.160.139

17681

→

213.95.82.36

2083

[ACK RST]

len=52

ttl=56

tos=0x00

srcmac=78:19:f7:40:af:f0

dstmac=00:1a:8c:f0:bf:c1

IPS habe ich auch ausgeschalten, hat aber auch nichts gebracht.

Ich komme einfach nicht weiter.

Hat jemand eine Idee ?

Wäre dankbar

Danke im Voraus.

This thread was automatically locked due to age.

Top Replies

Arnold Hienz over 3 years ago in reply to BAlfson +1

Hello, the problem is now solved! Seems to be a UTM bug, I am not sure if its version related or not but I have the latest version 9.707-5 and the issue exists. I have manually created the firewall rule…

Parents

0 BAlfson over 3 years ago

Hallo Arnold,

Herzlich willkommen hier in der Community !

(Sorry, my German-speaking brain isn't creating thoughts at the moment. )

As Dirk said, it's possible that you have no problem, but we can't analyze the log line you showed.

Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly. Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file. Please post the line corresponding to the one above. If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51. That lets us see immediately which IPs are local and which are identical or just in the same subnet.

MfG - Bob (Bitte auf Deutsch weiterhin.)

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 3 years ago

Hallo Arnold,

Herzlich willkommen hier in der Community !

(Sorry, my German-speaking brain isn't creating thoughts at the moment. )

As Dirk said, it's possible that you have no problem, but we can't analyze the log line you showed.

Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly. Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file. Please post the line corresponding to the one above. If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51. That lets us see immediately which IPs are local and which are identical or just in the same subnet.

MfG - Bob (Bitte auf Deutsch weiterhin.)

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data