
Default Drop

I have the latest version of UTM installed with the Home Edition.

My son has a PS4 running via the Wifi connection and is trying to play FIFA 19 but it can't connect to play an Ultimate Team game.

I have checked the firewall log and can see a lot of default drops for incoming 443 packets going to the internal IP address of the PS4.

I have tried to get these to be allowed but have not been successful.

I have tried an any - any - any rule but this doesn't work.

I have tried a DNAT from the Internet IP4 - HTTPS Response - PS4 Wifi and this doesn't work either.

What am I missing? How do I stop these packets from being dropped and get them allowed through?

Any help would be greatly appreciated.

Thanks

Aaron



This thread was automatically locked due to age.
  • Getting closer, Aaron! :-)

    Firewall rule 7 has no effect.  Any traffic allowed through to the PS4 comes via your DNAT rule.

    Your "FIFA 19 PS4" might be missing some ports:

    srcip="118.170.42.4" dstip="124.190.219.195" proto="6" length="60" tos="0x00" prec="0x00" ttl="48" srcport="43828" dstport="23" tcpflags="SYN"
    srcip="115.238.245.8" dstip="124.190.219.195" proto="6" length="40" tos="0x00" prec="0x00" ttl="235" srcport="9090" dstport="22" tcpflags="SYN"

    Then again, you need to check the srcip values with things like https://www.ip2location.com/demo/ and https://centralops.net/co/DomainDossier.aspx.  That's the only way to see if these drops are related to what you're doing.

    I haven't seen complaints about max bytes to queue for several years.  I don't know that this is causing you a problem.  If you have a lot of unused memory in your UTM, you can double the size with the following, but if you're tight on RAM, you might want to be more conservative.  If you do try this, do report back on the effect on your issue.

    cc set ips snortsettings max_queued_bytes 2097152

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Random thoughts:

    Always check the web filtering logs carefully, as well as firewall and IPS.   Web Filtering traffic does not flow through the firewall.  Whenever the firewall log is empty, I tend to assume the answer is in the web filtering logs.

    Verify that this device is exempt from decrypt-and-scan.   Most home users don't turn this on anyway, but it creates problems for applications that use a mix of web and non-web traffic.
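
The log triage suggested in the replies above can be scripted. This is an added example, not code from the thread or from Sophos: it parses the `key="value"` fields shown in the quoted drop lines and separates bare SYNs to SSH/Telnet from other new inbound attempts and from reply-like packets. The category names, the `ADMIN_PORTS` set and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
ADMIN_PORTS = {"22", "23"}  # assumption: the console never serves SSH/Telnet

# The first two lines are the ones quoted in the thread. The remaining three
# are constructed samples (documentation-range source addresses; flags are
# assumed to be space-separated when more than one is set).
SAMPLE_LOG = '''\
srcip="118.170.42.4" dstip="124.190.219.195" proto="6" length="60" tos="0x00" prec="0x00" ttl="48" srcport="43828" dstport="23" tcpflags="SYN"
srcip="115.238.245.8" dstip="124.190.219.195" proto="6" length="40" tos="0x00" prec="0x00" ttl="235" srcport="9090" dstport="22" tcpflags="SYN"
srcip="203.0.113.10" dstip="124.190.219.195" proto="6" length="52" srcport="443" dstport="50412" tcpflags="ACK PSH"
srcip="203.0.113.10" dstip="124.190.219.195" proto="6" length="40" srcport="443" dstport="50413" tcpflags="ACK"
srcip="198.51.100.7" dstip="124.190.219.195" proto="6" length="60" srcport="51000" dstport="50000" tcpflags="SYN"
'''

def parse_line(line):
    """Return the key="value" fields of one drop line as a dict."""
    return dict(FIELD_RE.findall(line))

def classify(rec):
    """Bucket a dropped TCP packet by what its flags and ports say about it."""
    if rec.get("proto") != "6":          # only TCP carries tcpflags
        return "other"
    flags = set(rec.get("tcpflags", "").split())
    if flags == {"SYN"}:                 # a brand-new inbound connection attempt
        return "scan-noise" if rec.get("dstport") in ADMIN_PORTS else "new-inbound"
    if "ACK" in flags:                   # part of, or a reply to, an existing flow
        return "reply-like"
    return "other"

def summarize(log_text):
    """Map category -> sorted (srcip, srcport, dstport) tuples to look up."""
    buckets = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if "srcip" in rec:
            key = (rec["srcip"], rec.get("srcport"), rec.get("dstport"))
            buckets[classify(rec)].add(key)
    return {cat: sorted(entries) for cat, entries in buckets.items()}

if __name__ == "__main__":
    for category, entries in summarize(SAMPLE_LOG).items():
        print(category, entries)
```

The source addresses in the `new-inbound` and `reply-like` buckets are the ones worth checking with the lookup tools named in the reply.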