
HTTPS traffic from AP15 address - do I need a rule for this?

I'm seeing some outbound attempts from the address of the ap15.

This is puzzling.  Have I missed something in the setup?

Do I need to add a firewall rule to support this traffic?

10.1.0.1 : 58786
54.72.102.112 : 443
10.1.0.1 : 34456
3.248.95.116 : 443

Thanks,

Doug



  • That shouldn't make a difference, Doug.  Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post the lines corresponding to those above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The destination IP addresses shown below for this traffic are as follows:  
    ec2-54-72-102-112.eu-west-1.compute.amazonaws.com
    ec2-3-248-95-116.eu-west-1.compute.amazonaws.com
    Both of these hosts are in Ireland.  
    What is Sophos taking from my wireless access point and sending to Ireland?

    2019:11:08-11:13:43 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN"
    2019:11:08-11:13:43 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN"
    2019:11:08-11:13:46 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN"
    2019:11:08-11:13:50 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN"
    2019:11:08-11:13:58 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN"
    2019:11:08-11:14:14 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN"
    2019:11:08-11:14:46 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN"

    2019:11:08-11:11:30 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
    2019:11:08-11:11:30 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
    2019:11:08-11:11:33 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
    2019:11:08-11:11:37 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
    2019:11:08-11:11:45 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
    2019:11:08-11:12:01 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
    2019:11:08-11:12:34 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
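
Added example, not part of the original posts: a small Python parser for packetfilter entries like those posted above, grouping drops by source and destination address and port and measuring the time between entries. The sample lines are constructed from the timestamps, addresses and ports in the post, shortened to the fields the code reads; the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

KV = re.compile(r'(\w+)="([^"]*)"')
# Constructed sample: timestamps, addresses and ports are those posted above;
# each line is shortened to the fields this example reads.
TEMPLATE = ('2019:11:08-{t} wahine ulogd[19704]: id="2001" sub="packetfilter" '
            'action="drop" fwrule="60002" srcip="10.1.0.1" dstip="{dst}" '
            'proto="6" srcport="{sport}" dstport="443" tcpflags="SYN"')
SAMPLE = [TEMPLATE.format(t=t, dst="54.72.102.112", sport="35627") for t in
          ("11:13:43", "11:13:43", "11:13:46", "11:13:50",
           "11:13:58", "11:14:14", "11:14:46")]
SAMPLE += [TEMPLATE.format(t=t, dst="3.248.95.116", sport="39530") for t in
           ("11:11:30", "11:11:30", "11:11:33", "11:11:37",
            "11:11:45", "11:12:01", "11:12:34")]


def parse_line(line):
    """Return the key="value" fields of one packetfilter entry plus its timestamp."""
    fields = dict(KV.findall(line))
    fields["ts"] = datetime.strptime(line.split()[0], "%Y:%m:%d-%H:%M:%S")
    return fields


def summarize_drops(lines):
    """Group dropped packets by 4-tuple and report the gaps between log entries."""
    flows = defaultdict(list)
    for entry in map(parse_line, lines):
        if entry.get("action") != "drop":
            continue
        key = (entry["srcip"], entry["srcport"], entry["dstip"], entry["dstport"])
        flows[key].append(entry)
    report = {}
    for key, entries in flows.items():
        times = sorted(e["ts"] for e in entries)
        report[key] = {
            "packets": len(entries),
            "rules": sorted({e.get("fwrule", "") for e in entries}),
            # Only bare SYNs from one source port: one connection attempt being
            # retransmitted, not several independent connections.
            "syn_only": all(e.get("tcpflags") == "SYN" for e in entries),
            "gaps_s": [int((b - a).total_seconds()) for a, b in zip(times, times[1:])],
        }
    return report


if __name__ == "__main__":
    for flow, info in summarize_drops(SAMPLE).items():
        print(flow, info)
```

On these entries it reports two flows of seven SYN packets each, all matched by fwrule 60002, with growing gaps between entries, which is consistent with one retransmitted connection attempt per destination rather than fourteen separate attempts.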
  • Interesting, Doug - since you're in North America, get a case open with Sophos Support and then please come back here and tell us what you learned.

    Cheers - Bob

     
  • I submitted a case, but it appears to be a BlackBox process.  No case number.   We all can agree that accountability is overrated, right?  I referenced the URL of this discussion.