Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 2 subscribers
  • Views 3224 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

HTTPS traffic form AP15 address - do I need a rule for this?

SalishSwede

I'm seeing some outbound attempts from the address of the ap15.

This is puzzling.  Have I missed something in the setup?

Do I need to add a firewall rule to support this traffic?

10.1.0.1 : 58786
54.72.102.112 : 443
10.1.0.1 : 34456
3.248.95.116 : 443

Thanks,

Doug



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Both the public IPs belong to Amazon AWS infrastructure. You do not need any firewall rule for AP15 itself as it would identify itself under Wireless Protection if you have configured it in UTM.

    If you're using it with Sophos Central, then you require to allow ports 443, 123, and 80 to communicate with any internet server for the AP15.

    Regards

    Jaydeep

  • 0 in reply to Jaydeep

    I've configured it with the UTM but I have it plugged into my switch not the UTM directly.
    Is this the source of the confusion?
    I'm still puzzled.

  • 0 in reply to SalishSwede

    That shouldn't make a difference, Doug.  Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  Please post the lines corresponding to those above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson 
    The destination ip addresses shown below for this traffic is is follows:  
    ec2-54-72-102-112.eu-west-1.compute.amazonaws.com
    ec2-3-248-95-116.eu-west-1.compute.amazonaws.com
    Both of these hosts are in Ireland.  
    What is Sophos taking from my wireless access point and sending to Ireland?

    2019:11:08-11:13:43 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN" 
2019:11:08-11:13:43 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN" 
2019:11:08-11:13:46 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN" 
2019:11:08-11:13:50 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN" 
2019:11:08-11:13:58 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN" 
2019:11:08-11:14:14 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN" 
2019:11:08-11:14:46 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="54.72.102.112" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="35627" dstport="443" tcpflags="SYN" 

    2019:11:08-11:11:30 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
2019:11:08-11:11:30 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
2019:11:08-11:11:33 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
2019:11:08-11:11:37 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
2019:11:08-11:11:45 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
2019:11:08-11:12:01 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN" 
2019:11:08-11:12:34 wahine ulogd[19704]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" outitf="eth1" srcmac="00:1a:8c:7f:bd:80" dstmac="00:0e:c4:d0:7c:16" srcip="10.1.0.1" dstip="3.248.95.116" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="39530" dstport="443" tcpflags="SYN"
  • 0 in reply to SalishSwede

    Interesting, Doug - since you're in North America, get a case open with Sophos Support and then please come back here and tell us what you learned.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I submitted a case, but it appears to be a BlackBox process.  No case number.   We all can agree that accountability is overrated, right?  I referenced the URL of this discussion.

Reply Children
No Data
Unfiltered HTML