Sophos Firewall Invalid Traffic
Applies to the following Sophos products and versions: Sophos Firewall.
Sophos Firewall invalid traffic. Firewall logs for dropping invalid traffic are normal. Sometimes some invalid traffic log entries are perceived in Log Viewer like the following. I have created a security rule to allow any kind of access from the test network to the server, but the issue persists. TCP uses flags to control the state of an open connection.
Within the logs of my XG v17 firewall I'm seeing thousands of entries regarding invalid traffic. The good news is we have the message body populated with the reason in v17's Log Viewer. I have a firewall rule which is set to allow all outbound traffic, so this should cover all traffic; however, it's not. Specify the matching criteria, such as source, destination, services and users, during a time period.
Create rules for IPv4 or IPv6 networks. I have a test network and I need access to just one server in the production network on ports 443, 7074 and 8443, but the firewall is blocking the connections with invalid traffic logs. Local ACL invalid traffic 1. Traffic dropped during user authentication: using Sophos Firewall Operating System (SFOS) with Sophos Transparent Authentication Suite and having unauthenticated users will cause a 2-minute outage by default, because SFOS is dropping unauthenticated traffic when determining user authentication.
When reporting, please indicate whether you have a real-world problem or are just asking why you see something in the log. There are various reasons causing invalid traffic: this could be an IP packet with an invalid header, a bad ICMP checksum, etc. Access the CLI of the firewall and select option 4, Device Console. 2. Create firewall rules to allow or disallow traffic flow between zones and networks, and apply security policies and actions.
Of these requests, there are entries relating to internal devices trying to contact XG and internal devices trying to contact. Reduce / suppress invalid traffic log lines: the Log Viewer and packet capture appear to gather a mass of firewall log entries stating invalid traffic denied, relating to the browser connection from a workstation to the XG firewall interface.