This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help - Firewall rule which allows port still getting dropped

I have set up a firewall rule to allow communication from a host on my network to communicate out on UDP ports 16800:16820.  I do not have any other rule blocking that port.  Though the firewall is still dropping those packets.  Any ideas on what I am doing wrong and how to correct?  Please see firewall log example below:

2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940" 
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x11a7" app="423" srcmac="xx:xx:xx:xx:xx:xx" dstmac="d0:37:45:4a:d2:6b" srcip="34.199.17.123" dstip="12.34.56.789" proto="17" length="200" tos="0x00" prec="0x00" ttl="50" srcport="21940" dstport="16820" 
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940" 
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" mark="0x11a7" app="423" srcmac="xx:xx:xx:xx:xx:xx" dstmac="d0:37:45:4a:d2:6b" srcip="34.199.17.123" dstip="12.34.56.789" proto="17" length="200" tos="0x00" prec="0x00" ttl="50" srcport="21940" dstport="16820" 
2022:09:21-11:59:46 osysb01 ulogd[9951]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="00:01:2e:65:33:33" srcip="192.168.1.70" dstip="34.199.17.123" proto="17" length="200" tos="0x18" prec="0xa0" ttl="63" srcport="16820" dstport="21940" 

Thanks!



This thread was automatically locked due to age.
Parents Reply
  • Thanks, Aren,

    That's often why we come here - to get help seeing what we know is not there or seeing that what we know is there is not! ;-)

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data