No outbound traffic from LAN to VPN

I'm from a UniFi background where everything is nice and simple point-and-click, so sorry for yet another “I can't connect” post, but I've followed most of the threads I can find and still struggle.

A quick summary: I've configured SSL VPN (Remote access) but can't seem to access any network resources or ping any IPs.

I can see data inbound on the packet capture tool, but nothing flowing in the other direction. Also, looking at the firewall rules, it seems data is coming from VPN but not heading back out, which is where I think the problem is. But I can't fathom it out.

Any ideas?

This thread was automatically locked due to age.
  • Hello Pete,

    Thank you for contacting your Sophos Community!

    Are you using v18 or v17.5?

    1) I would recommend changing the source zone in your VPN to LAN firewall rule to VPN.

    2) Make sure that under System >> Administration >> Device Access >> Local Service ACL, Ping is selected for VPN and LAN.

    3) Make sure you don't have any conflicting rules above this firewall rule.

    4) Sometimes hosts will not reply to packets that come from a different subnet. In this case, please check the Masquerading option in the VPN to LAN firewall rule you created.

    5) Run the following commands from the Advanced Shell of the XG (connect using PuTTY and, after authenticating with the admin user, press 5 > 3) to confirm the packet flow:

    #tcpdump -eni tun0 host Y.Y.Y.Y and proto ICMP
    (Y.Y.Y.Y = IP you got on your SSL VPN; to stop, press Ctrl + C)

    #tcpdump -eni any host X.X.X.X and host Y.Y.Y.Y and proto ICMP
    (X.X.X.X = IP you are trying to ping, Y.Y.Y.Y = the SSL VPN IP; to stop, press Ctrl + C)

    #cish

    console> drop-packet-capture 'host Y.Y.Y.Y'
    (Y.Y.Y.Y = IP you got on your SSL VPN) If you see anything here, it means the XG is dropping this traffic.


    If the issue still persists let me know.

    Regards,

    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • I have the same issue, no outbound traffic

        1.  Network  Configuration
        2.  System   Configuration
        3.  Route    Configuration
        4.  Device Console
        5.  Device Management
        6.  VPN Management
        7.  Shutdown/Reboot Device
        0.  Exit

        Select Menu Number [0-7]: 4
    Sophos Firmware Version SFOS 18.0.1 MR-1-Build396

    console> drop-packet-capture "host 10.81.234.6"
    2020-08-22 14:08:52 0101021 IP 10.81.234.6.51909 > 8.8.4.4.53 : proto UDP: packe                                                                                                                                                             t len: 54 checksum : 14689
    0x0000:  4500 004a 6276 4000 3f11 d8c9 0a51 ea06  E..Jbv@.?....Q..
    0x0010:  0808 0404 cac5 0035 0036 3961 8ffb 0100  .......5.69a....
    0x0020:  0001 0000 0000 0000 0167 0877 6861 7473  .........g.whats
    0x0030:  6170 7003 6e65 7407 656e 6572 6779 6105  app.net.energya.
    0x0040:  6c6f 6361 6c00 0001 0001                 local.....
    Date=2020-08-22 Time=14:08:52 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source                                                                                                                                                             _port=51909 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_g                                                                                                                                                             p=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0                                                                                                                                                              hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 catego                                                                                                                                                             ry_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=                                                                                                                                                             0x0 nfqueue=0 gateway_offset=0 connid=149812544 masterid=0 status=256 state=0, f                    
                                                                                                                                         lag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:52 0101021 IP 10.81.234.6.26125 > 8.8.4.4.53 : proto UDP: packe                                                                                                                                                             t len: 62 checksum : 9271
    0x0000:  4500 0052 6290 4000 3f11 d8a7 0a51 ea06  E..Rb.@.?....Q..
    0x0010:  0808 0404 660d 0035 003e 2437 5f6a 0100  ....f..5.>$7_j..
    0x0020:  0001 0000 0000 0000 096d 7174 742d 6d69  .........mqtt-mi
    0x0030:  6e69 0866 6163 6562 6f6f 6b03 636f 6d07  ni.facebook.com.
    0x0040:  656e 6572 6779 6105 6c6f 6361 6c00 0001  energya.local...
    0x0050:  0001                                     ..
    Date=2020-08-22 Time=14:08:52 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source                                                                                                                                                             _port=26125 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_g                                                                                                                                                             p=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0                                                                                                                                                              hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 catego                                                                                                                                                             ry_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=                                                                                                                                                             0x0 nfqueue=0 gateway_offset=0 connid=149812544 masterid=0 status=256 state=0, f                    
                                                                                                                                         lag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:52 0101021 IP 10.81.234.6.25442 > 8.8.4.4.53 : proto UDP: packe                                                                                                                                                             t len: 75 checksum : 62371
    0x0000:  4500 005f 6293 4000 3f11 d897 0a51 ea06  E.._b.@.?....Q..
    0x0010:  0808 0404 6362 0035 004b f3a3 06c5 0100  ....cb.5.K......
    0x0020:  0001 0000 0000 0000 0d68 6561 6c74 6873  .........healths
    0x0030:  6573 7369 6f6e 0674 6869 6e67 730a 6462  ession.things.db
    0x0040:  616e 6b63 6c6f 7564 0363 6f6d 0765 6e65  ankcloud.com.ene
    0x0050:  7267 7961 056c 6f63 616c 0000 0100 01    rgya.local.....
    Date=2020-08-22 Time=14:08:52 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source                                                                                                                                                             _port=25442 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_g                                                                                                                                                             p=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0                                                                                                                                                              hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 catego                                                                                                                                                             ry_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=                                                                                                                                                             0x0 nfqueue=0 gateway_offset=0 connid=149809664 masterid=0 status=256 state=0, f                    
                                                                                                                                         lag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:53 0101021 IP 10.81.234.6.35606 > 193.118.49.173.5228 : proto T                                                                                                                                                             CP: S 2606806834:2606806834(0) win 65535 checksum : 36716
    0x0000:  4500 003c a932 4000 3f06 ab0e 0a51 ea06  E..<.2@.?....Q..
    0x0010:  c176 31ad 8b16 146c 9b60 b732 0000 0000  .v1....l.`.2....
    0x0020:  a002 ffff 8f6c 0000 0204 053c 0402 080a  .....l.....<....
    0x0030:  07bd d7bc 0000 0000 0103 0308            ............
    Date=2020-08-22 Time=14:08:53 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=193.118.49.173 l4_protocol=TCP                                                                                                                                                              source_port=35606 dest_port=5228 fw_rule_id=0 policytype=0 live_userid=1 userid                                                                                                                                                             =6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0                                                                                                                                                              hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id                                                                                                                                                             =0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=                                                                                                                                                             0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=149814784 masterid=0 status=256 s                    
                                                                                                                                         tate=1, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:53 0101021 IP 10.81.234.6.35878 > 8.8.8.8.53 : proto UDP: packe                                                                                                                                                             t len: 42 checksum : 42213
    0x0000:  4500 003e b381 4000 3f11 83c6 0a51 ea06  E..>..@.?....Q..
    0x0010:  0808 0808 8c26 0035 002a a4e5 cffe 0100  .....&.5.*......
    0x0020:  0001 0000 0000 0000 056d 7461 6c6b 0667  .........mtalk.g
    0x0030:  6f6f 676c 6503 636f 6d00 0001 0001       oogle.com.....
    Date=2020-08-22 Time=14:08:53 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.8.8 l4_protocol=UDP source                                                                                                                                                             _port=35878 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_g                                                                                                                                                             p=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0                                                                                                                                                              hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 catego                                                                                                                                                             ry_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=                                                                                                                                                             0x0 nfqueue=0 gateway_offset=0 connid=149814784 masterid=0 status=256 state=0, f                    
                                                                                                                                         lag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:54 0101021 IP 10.81.234.6.35606 > 193.118.49.173.5228 : proto T                                                                                                                                                             CP: S 2606806834:2606806834(0) win 65535 checksum : 35695
    0x0000:  4500 003c a933 4000 3f06 ab0d 0a51 ea06  E..<.3@.?....Q..
    0x0010:  c176 31ad 8b16 146c 9b60 b732 0000 0000  .v1....l.`.2....
    0x0020:  a002 ffff 8b6f 0000 0204 053c 0402 080a  .....o.....<....
    0x0030:  07bd dbb9 0000 0000 0103 0308            ............
    Date=2020-08-22 Time=14:08:54 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=193.118.49.173 l4_protocol=TCP                                                                                                                                                              source_port=35606 dest_port=5228 fw_rule_id=0 policytype=0 live_userid=1 userid                                                                                                                                                             =6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0                                                                                                                                                              hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id                                                                                                                                                             =0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=                                                                                                                                                             0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=474454272 masterid=0 status=256 s                    
                                                                                                                                         tate=1, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:55 0101021 IP 10.81.234.6.2052 > 8.8.4.4.53 : proto UDP: packet                                                                                                                                                              len: 42 checksum : 11532
    0x0000:  4500 003e 65c1 4000 3f11 d58a 0a51 ea06  E..>e.@.?....Q..
    0x0010:  0808 0404 0804 0035 002a 2d0c cffe 0100  .......5.*-.....
    0x0020:  0001 0000 0000 0000 056d 7461 6c6b 0667  .........mtalk.g
    0x0030:  6f6f 676c 6503 636f 6d00 0001 0001       oogle.com.....
    Date=2020-08-22 Time=14:08:55 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source                                                                                                                                                             _port=2052 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp                                                                                                                                                             =7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 h                                                                                                                                                             b_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 categor                                                                                                                                                             y_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0                                                                                                                                                             x0 nfqueue=0 gateway_offset=0 connid=474452672 masterid=0 status=256 state=0, fl                    
                                                                                                                                         ag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:56 0101021 IP 10.81.234.6.35606 > 193.118.49.173.5228 : proto T                                                                                                                                                             CP: S 2606806834:2606806834(0) win 65535 checksum : 33679
    0x0000:  4500 003c a934 4000 3f06 ab0c 0a51 ea06  E..<.4@.?....Q..
    0x0010:  c176 31ad 8b16 146c 9b60 b732 0000 0000  .v1....l.`.2....
    0x0020:  a002 ffff 838f 0000 0204 053c 0402 080a  ...........<....
    0x0030:  07bd e399 0000 0000 0103 0308            ............
    Date=2020-08-22 Time=14:08:56 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=193.118.49.173 l4_protocol=TCP                                                                                                                                                              source_port=35606 dest_port=5228 fw_rule_id=0 policytype=0 live_userid=1 userid                                                                                                                                                             =6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0                                                                                                                                                              hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id                                                                                                                                                             =0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=                                                                                                                                                             0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=474448512 masterid=0 status=256 s                    
                                                                                                                                         tate=1, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:57 0101021 IP 10.81.234.6.60540 > 8.8.8.8.53 : proto UDP: packe                                                                                                                                                             t len: 40 checksum : 61053
    0x0000:  4500 003c b52e 4000 3f11 821b 0a51 ea06  E..<..@.?....Q..
    0x0010:  0808 0808 ec7c 0035 0028 ee7d 8477 0100  .....|.5.(.}.w..
    0x0020:  0001 0000 0000 0000 0167 0877 6861 7473  .........g.whats
    0x0030:  6170 7003 6e65 7400 0001 0001            app.net.....
    Date=2020-08-22 Time=14:08:57 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.8.8 l4_protocol=UDP source                                                                                                                                                             _port=60540 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_g                                                                                                                                                             p=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0                                                                                                                                                              hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 catego                                                                                                                                                             ry_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=                                                                                                                                                             0x0 nfqueue=0 gateway_offset=0 connid=474448512 masterid=0 status=256 state=0, f                    
                                                                                                                                         lag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:57 0101021 IP 10.81.234.6.60540 > 8.8.8.8.53 : proto UDP: packe                                                                                                                                                             t len: 40 checksum : 3409
    0x0000:  4500 003c b52f 4000 3f11 821a 0a51 ea06  E..<./@.?....Q..
    0x0010:  0808 0808 ec7c 0035 0028 0d51 6589 0100  .....|.5.(.Qe...
    0x0020:  0001 0000 0000 0000 0167 0877 6861 7473  .........g.whats
    0x0030:  6170 7003 6e65 7400 001c 0001            app.net.....
    Date=2020-08-22 Time=14:08:57 log_id=0101021 log_type=Firewall log_component=Fir                                                                                                                                                             ewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_                                                                                                                                                             dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_nam                                                                                                                                                             e= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.8.8 l4_protocol=UDP source                                                                                                                                                             _port=60540 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_g                                                                                                                                                             p=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0                                                                                                                                                              hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 catego                                                                                                                                                             ry_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=                                                                                                                                                             0x0 nfqueue=0 gateway_offset=0 connid=134354880 masterid=0 status=256 state=0, f                    
                                                                                                                                         lag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:08:58 0101021 IP 10.81.234.6.35878 > 8.8.8.8.53 : proto UDP: packe                                                                                                                                                             t len: 42 checksum : 42213
    0x0000:  4500 003e b58a 4000 3f11 81bd 0a51 ea06  E..>..@.?....Q..
    0x0010:  0808 0808 8c26 0035 002a a4e5 cffe 0100  .....&.5.*......
    0x0020:  0001 0000 0000 0000 056d 7461 6c6b 0667  .........mtalk.g
    0x0030:  6f6f 676c 6503 636f 6d00 0001 0001       oogle.com.....
    Date=2020-08-22 Time=14:08:58 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.8.8 l4_protocol=UDP source_port=35878 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134348800 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:01 0101021 IP 10.81.234.6.35606 > 193.118.49.173.5228 : proto TCP: S 2606806834:2606806834(0) win 65535 checksum : 29551
    0x0000:  4500 003c a935 4000 3f06 ab0b 0a51 ea06  E..<.5@.?....Q..
    0x0010:  c176 31ad 8b16 146c 9b60 b732 0000 0000  .v1....l.`.2....
    0x0020:  a002 ffff 736f 0000 0204 053c 0402 080a  ....so.....<....
    0x0030:  07bd f3b9 0000 0000 0103 0308            ............
    Date=2020-08-22 Time=14:09:01 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=193.118.49.173 l4_protocol=TCP source_port=35606 dest_port=5228 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134348800 masterid=0 status=256 state=1, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:02 0101021 IP 10.81.234.6.46806 > 193.118.49.85.443 : proto TCP: S 1199021254:1199021254(0) win 65535 checksum : 29774
    0x0000:  4500 003c 7a2a 4000 3f06 da6e 0a51 ea06  E..<z*@.?..n.Q..
    0x0010:  c176 3155 b6d6 01bb 4777 9cc6 0000 0000  .v1U....Gw......
    0x0020:  a002 ffff 744e 0000 0204 053c 0402 080a  ....tN.....<....
    0x0030:  8863 c7d2 0000 0000 0103 0308            .c..........
    Date=2020-08-22 Time=14:09:02 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=193.118.49.85 l4_protocol=TCP source_port=46806 dest_port=443 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134348800 masterid=0 status=256 state=1, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:02 0101021 IP 10.81.234.6.2052 > 8.8.4.4.53 : proto UDP: packet len: 42 checksum : 11532
    0x0000:  4500 003e 69ce 4000 3f11 d17d 0a51 ea06  E..>i.@.?..}.Q..
    0x0010:  0808 0404 0804 0035 002a 2d0c cffe 0100  .......5.*-.....
    0x0020:  0001 0000 0000 0000 056d 7461 6c6b 0667  .........mtalk.g
    0x0030:  6f6f 676c 6503 636f 6d00 0001 0001       oogle.com.....
    Date=2020-08-22 Time=14:09:02 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source_port=2052 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134348800 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:07 0101021 IP 10.81.234.6.34387 > 8.8.4.4.53 : proto UDP: packet len: 40 checksum : 22699
    0x0000:  4500 003c 6c2c 4000 3f11 cf21 0a51 ea06  E..<l,@.?..!.Q..
    0x0010:  0808 0404 8653 0035 0028 58ab 8477 0100  .....S.5.(X..w..
    0x0020:  0001 0000 0000 0000 0167 0877 6861 7473  .........g.whats
    0x0030:  6170 7003 6e65 7400 0001 0001            app.net.....
    Date=2020-08-22 Time=14:09:07 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source_port=34387 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:07 0101021 IP 10.81.234.6.34387 > 8.8.4.4.53 : proto UDP: packet len: 40 checksum : 30590
    0x0000:  4500 003c 6c2d 4000 3f11 cf20 0a51 ea06  E..<l-@.?....Q..
    0x0010:  0808 0404 8653 0035 0028 777e 6589 0100  .....S.5.(w~e...
    0x0020:  0001 0000 0000 0000 0167 0877 6861 7473  .........g.whats
    0x0030:  6170 7003 6e65 7400 001c 0001            app.net.....
    Date=2020-08-22 Time=14:09:07 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source_port=34387 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:07 0101021 IP 10.81.234.6.37674 > 8.8.8.8.53 : proto UDP: packet len: 56 checksum : 10904
    0x0000:  4500 004c b80c 4000 3f11 7f2d 0a51 ea06  E..L..@.?..-.Q..
    0x0010:  0808 0808 932a 0035 0038 2a98 73f4 0100  .....*.5.8*.s...
    0x0020:  0001 0000 0000 0000 056d 7461 6c6b 0667  .........mtalk.g
    0x0030:  6f6f 676c 6503 636f 6d07 656e 6572 6779  oogle.com.energy
    0x0040:  6105 6c6f 6361 6c00 0001 0001            a.local.....
    Date=2020-08-22 Time=14:09:07 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.8.8 l4_protocol=UDP source_port=37674 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:09 0101021 IP 10.81.234.6.35606 > 193.118.49.173.5228 : proto TCP: S 2606806834:2606806834(0) win 65535 checksum : 21359
    0x0000:  4500 003c a936 4000 3f06 ab0a 0a51 ea06  E..<.6@.?....Q..
    0x0010:  c176 31ad 8b16 146c 9b60 b732 0000 0000  .v1....l.`.2....
    0x0020:  a002 ffff 536f 0000 0204 053c 0402 080a  ....So.....<....
    0x0030:  07be 13b9 0000 0000 0103 0308            ............
    Date=2020-08-22 Time=14:09:09 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=193.118.49.173 l4_protocol=TCP source_port=35606 dest_port=5228 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=1, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:09 0101021 IP 10.81.234.6.48844 > 8.8.4.4.53 : proto UDP: packet len: 56 checksum : 762
    0x0000:  4500 004c 6ca0 4000 3f11 ce9d 0a51 ea06  E..Ll.@.?....Q..
    0x0010:  0808 0404 becc 0035 0038 02fa 73f4 0100  .......5.8..s...
    0x0020:  0001 0000 0000 0000 056d 7461 6c6b 0667  .........mtalk.g
    0x0030:  6f6f 676c 6503 636f 6d07 656e 6572 6779  oogle.com.energy
    0x0040:  6105 6c6f 6361 6c00 0001 0001            a.local.....
    Date=2020-08-22 Time=14:09:09 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source_port=48844 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:12 0101021 IP 10.81.234.6.3962 > 8.8.8.8.53 : proto UDP: packet len: 43 checksum : 40442
    0x0000:  4500 003f ba0c 4000 3f11 7d3a 0a51 ea06  E..?..@.?.}:.Q..
    0x0010:  0808 0808 0f7a 0035 002b 9dfa 497e 0100  .....z.5.+..I~..
    0x0020:  0001 0000 0000 0000 0377 7777 0667 6f6f  .........www.goo
    0x0030:  676c 6503 636f 6d02 7361 0000 0100 01    gle.com.sa.....
    Date=2020-08-22 Time=14:09:12 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.8.8 l4_protocol=UDP source_port=3962 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:12 0101021 IP 10.81.234.6.37674 > 8.8.8.8.53 : proto UDP: packet len: 56 checksum : 10904
    0x0000:  4500 004c ba2f 4000 3f11 7d0a 0a51 ea06  E..L./@.?.}..Q..
    0x0010:  0808 0808 932a 0035 0038 2a98 73f4 0100  .....*.5.8*.s...
    0x0020:  0001 0000 0000 0000 056d 7461 6c6b 0667  .........mtalk.g
    0x0030:  6f6f 676c 6503 636f 6d07 656e 6572 6779  oogle.com.energy
    0x0040:  6105 6c6f 6361 6c00 0001 0001            a.local.....
    Date=2020-08-22 Time=14:09:12 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.8.8 l4_protocol=UDP source_port=37674 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:13 0101021 IP 10.81.234.6.31827 > 8.8.4.4.53 : proto UDP: packet len: 43 checksum : 22674
    0x0000:  4500 003f 6fc7 4000 3f11 cb83 0a51 ea06  E..?o.@.?....Q..
    0x0010:  0808 0404 7c53 0035 002b 5892 2611 0100  ....|S.5.+X.&...
    0x0020:  0001 0000 0000 0000 0377 7777 0667 6f6f  .........www.goo
    0x0030:  676c 6503 636f 6d02 7361 0000 0100 01    gle.com.sa.....
    Date=2020-08-22 Time=14:09:13 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.4.4 l4_protocol=UDP source_port=31827 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    2020-08-22 14:09:14 0101021 IP 10.81.234.6.28574 > 8.8.8.8.53 : proto UDP: packet len: 43 checksum : 17968
    0x0000:  4500 003f bac0 4000 3f11 7c86 0a51 ea06  E..?..@.?.|..Q..
    0x0010:  0808 0808 6f9e 0035 002b 4630 4124 0100  ....o..5.+F0A$..
    0x0020:  0001 0000 0000 0000 0377 7777 0667 6f6f  .........www.goo
    0x0030:  676c 6503 636f 6d02 7361 0000 0100 01    gle.com.sa.....
    Date=2020-08-22 Time=14:09:14 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= bridge_name= l3_protocol=IPv4 source_ip=10.81.234.6 dest_ip=8.8.8.8 l4_protocol=UDP source_port=28574 dest_port=53 fw_rule_id=0 policytype=0 live_userid=1 userid=6 user_gp=7 ips_id=0 sslvpn_id=1 web_filter_id=0 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=134354560 masterid=0 status=256 state=0, flag0=37155246683717632 flags1=0 pbdid_dir0=0 pbrid_dir1=0

    ^Cconsole>
    console>

  • Hello ferozsyed,

    Thank you for the follow-up.

    I see you are trying to ping an external IP from the SSL VPN.

    I see the XG is dropping this traffic; however, in your Firewall rule I don't see that you have a Firewall rule for this traffic.

    You would need to create a Firewall rule that is:

    Source Zone = VPN 

    Source Network = SSL VPN Range

    Destination Zone = WAN

    Destination Network = ANY

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
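The reading applied to the capture in the reply above, as an added example (not code from the thread or from Sophos): parse the key=value drop records and group those carrying `fw_rule_id=0` by interface and zone pair, which shows where a rule is missing and for which services. It assumes `fw_rule_id=0` marks a packet that matched no configured rule; the sample records are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the capture above: a summary line, a hex
# line, then the key=value record. Fields are trimmed and the destination
# addresses are placeholders, not values taken from the thread.
SAMPLE = """\
2020-01-01 10:00:01 0101021 IP 10.81.234.6.35878 > 198.51.100.53.53 : proto UDP: packet len: 42
0x0000:  4500 003e 0000 4000 3f11 0000 0a51 ea06  E..>..@.?....Q..
Date=2020-01-01 Time=10:00:01 log_subtype=Denied in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= source_ip=10.81.234.6 dest_ip=198.51.100.53 l4_protocol=UDP dest_port=53 fw_rule_id=0 status=256 state=0, flag0=1
Date=2020-01-01 Time=10:00:02 log_subtype=Denied in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= source_ip=10.81.234.6 dest_ip=198.51.100.54 l4_protocol=UDP dest_port=53 fw_rule_id=0 status=256 state=0, flag0=1
Date=2020-01-01 Time=10:00:03 log_subtype=Denied in_dev=tun0 out_dev=Port2 inzone_id=5 outzone_id=2 source_mac= dest_mac= source_ip=10.81.234.6 dest_ip=198.51.100.80 l4_protocol=TCP dest_port=443 fw_rule_id=0 status=256 state=1, flag0=1
Date=2020-01-01 Time=10:00:04 log_subtype=Denied in_dev=tun0 out_dev=Port1 inzone_id=5 outzone_id=1 source_mac= dest_mac= source_ip=10.81.234.6 dest_ip=192.0.2.10 l4_protocol=TCP dest_port=3389 fw_rule_id=4 status=256 state=1, flag0=1
"""

# A value may be empty ("source_mac= dest_mac="), so \S* rather than \S+.
PAIR = re.compile(r"(\w+)=(\S*)")


def parse_record(line):
    """Turn one 'Date=... key=value ...' line into a dict of strings."""
    # "state=0," carries a trailing comma in this log format; strip it.
    return {key: value.rstrip(",") for key, value in PAIR.findall(line)}


def parse_capture(text):
    """Yield one dict per record, skipping summary and hex-dump lines."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Date="):
            yield parse_record(line)


def rule_gaps(records):
    """Map each (in_dev, out_dev, inzone_id, outzone_id) path to a Counter of
    denied services for which no rule matched."""
    gaps = {}
    for rec in records:
        # Assumption: fw_rule_id=0 means the drop came from no rule matching,
        # not from an explicit deny rule (which would carry its own id).
        if rec.get("log_subtype") != "Denied" or rec.get("fw_rule_id") != "0":
            continue
        path = (rec.get("in_dev"), rec.get("out_dev"),
                rec.get("inzone_id"), rec.get("outzone_id"))
        service = f'{rec.get("l4_protocol")}/{rec.get("dest_port")}'
        gaps.setdefault(path, Counter())[service] += 1
    return gaps


if __name__ == "__main__":
    for (in_dev, out_dev, inzone, outzone), services in rule_gaps(parse_capture(SAMPLE)).items():
        print(f"no rule matched: {in_dev} (zone {inzone}) -> {out_dev} (zone {outzone})")
        for service, hits in services.most_common():
            print(f"  {service}: {hits} drop(s)")
```

Each path it reports is a source and destination zone pair that has no matching rule, which is the gap the reply closes with a VPN to WAN rule.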