Google Play Store

Unable to access Google Play Store from any Android devices behind Sophos.
Play Store shows "no connection Retry".
Internet accessible.
IPS off.
Web filtering on with HTTPS scanning enabled.

When HTTPS scanning is disabled in profiles mode, it's loading without any issues.
The firewall is configured in Active Directory with transparent mode and browser authentication.


  • There are only two lines that are interesting.

    2013:06:18-18:15:38 SMBfirewall ulogd[4379]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="20:64:32:33:51:8c" dstmac="80:c1:6e:f6:a4:9d" srcip="192.168.1.147" dstip="74.125.141.188" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="50137" dstport="5228" tcpflags="SYN"

    60002 is the default drop rule for traffic passing through the firewall.  Apparently, you need to allow {1:65535->5228} for traffic from "Internal (Network)" to 74.125.141.188 or some subnet that includes that IP.

    2013:06:18-18:38:09 SMBfirewall ulogd[4379]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2" srcmac="0:13:80:40:cd:80" dstmac="c8:d3:a3:85:d:98" srcip="89.133.149.253" dstip="220.225.194.187" proto="6" length="48" tos="0x00" prec="0x00" ttl="112" srcport="3035" dstport="3389" tcpflags="SYN"

    60001 is the default drop rule for traffic with a dstip on your UTM.  If you have a DNAT to allow remote RDP access to an internal device, then the destination in the traffic selector needs to be changed to the "External (Address)" object created by WebAdmin when the External interface was defined.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
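
Added example, not part of the reply above and not Sophos tooling: a Python parser for packetfilter lines in the format quoted in this thread, grouping drops by rule id and destination service so each group shows which allow rule or DNAT fix to look at. The sample input is constructed from the thread's two log lines; all function and variable names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Rule ids and their meanings as given in the reply above.
DEFAULT_DROPS = {
    "60001": "default drop: destination address is on the UTM itself",
    "60002": "default drop: traffic passing through the firewall",
}
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}  # IP protocol numbers
FIELD = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample: the thread's two log lines cut down to the fields used
# here, plus one constructed repeat of the first with another source port.
SAMPLE = """\
2013:06:18-18:15:38 SMBfirewall ulogd[4379]: id="2001" sub="packetfilter" action="drop" fwrule="60002" srcip="192.168.1.147" dstip="74.125.141.188" proto="6" srcport="50137" dstport="5228" tcpflags="SYN"
2013:06:18-18:15:40 SMBfirewall ulogd[4379]: id="2001" sub="packetfilter" action="drop" fwrule="60002" srcip="192.168.1.147" dstip="74.125.141.188" proto="6" srcport="50139" dstport="5228" tcpflags="SYN"
2013:06:18-18:38:09 SMBfirewall ulogd[4379]: id="2001" sub="packetfilter" action="drop" fwrule="60001" srcip="89.133.149.253" dstip="220.225.194.187" proto="6" srcport="3035" dstport="3389" tcpflags="SYN"
"""

def parse_drop(line):
    """Return (timestamp, fields) for a packetfilter drop line, else None."""
    fields = dict(FIELD.findall(line))
    if fields.get("sub") != "packetfilter" or fields.get("action") != "drop":
        return None
    stamp = datetime.strptime(line.split(" ", 1)[0], "%Y:%m:%d-%H:%M:%S")
    return stamp, fields

def summarize_drops(text):
    """Group drops by rule and destination service; source ports are ephemeral."""
    groups = defaultdict(lambda: {"count": 0, "sources": set(), "last": None})
    for line in text.splitlines():
        parsed = parse_drop(line)
        if parsed is None:
            continue
        stamp, f = parsed
        key = (f.get("fwrule", "-"), PROTO.get(f.get("proto"), f.get("proto", "-")),
               f.get("dstip", "-"), f.get("dstport", "-"))
        g = groups[key]
        g["count"] += 1
        g["sources"].add(f.get("srcip", "-"))
        g["last"] = max(g["last"] or stamp, stamp)
    return dict(groups)

if __name__ == "__main__":
    for (rule, proto, dstip, dport), g in sorted(summarize_drops(SAMPLE).items()):
        meaning = DEFAULT_DROPS.get(rule, "not a default-drop id from this thread")
        print(f"{rule} ({meaning}): {proto} -> {dstip}:{dport} "
              f"x{g['count']} from {sorted(g['sources'])}, last {g['last']}")
```

Grouping on destination address and port rather than the full 5-tuple keeps repeated retries from the same client in one row, which is the granularity a firewall rule is written at.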