This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No srcmac or dstmac on firewall live log

Hi I have a UTM SG115 ver 9.501-3 with 2 WAN interfaces one on ETH1 and one one ETH2. The one on ETH1 is an ADSL service connected via an bridged D-Link modem. I am unable to access the internal network via the service on ETH1 and on the Firewall live log I only get len, ttl and tos no srcmac or dstmac e.g.
09:43:27 NAT rule #4 UDP 1.128.110.227:27929→ 139.xxx.xxx.xx :2002
len=60 ttl=54 tos=0x00
09:43:36 Country blocked TCP 5.188.62.91 :44103→139.xxx.xxx.xx:34706
[SYN] len=40 ttl=232 tos=0x00
Could the bridged modem be causing this and is it an indication as to why i can't access the internal network via this IP.



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Brett and welcome to the UTM Community!

    Doug was pointing you at the full log file in 'Logging & Reporting >> View Log Files'.  Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.

    The srcmac for inbound packets on a WAN interface will always be that of the ISP's last-hop router in front of you.  The dstmac will always be that of eth1.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA