The firewall is blocking allowed connections
-
The firewall log can show you which rule blocked the traffic. Click on the red "block icon" in the Act column. What does it say?
-
It says "Default deny rule" (translated into English), the one you can see in the screenshot I posted in the last post.
But in the firewall rules, the first one is a "Default allow all".
-
It looks like all blocked packets are ACKs. So other traffic seems to get through…interesting.
Do you redirect ACKs somehow?
-
No redirection… no strange configurations...
At the moment I only want to route all the traffic from one NET to the other one and check that all works well. Then I will start to block something...
-
Is the netmask consistent with the firewall? Does other traffic pass through the firewall?
-
What do you mean by "the netmask is consistent with the firewall?"
I have set the interfaces in this way: 192.168.46.254/24 and 192.168.10.8/24, is it right?
Yes, traffic on the other interface works correctly.
-
I mean, the workstation and firewall have the same netmask.
Yes, traffic on the other interface works correctly.
I'm asking if some type of traffic passes through those networks or none at all.
-
Yes, most of the traffic passes through these interfaces, but sometimes I found blocked traffic in the logs…
But the strange thing is that the blocked traffic is usually passed :o
Maybe lost packets that reach the firewall and are discarded?
-
I'm not sure, but I think those flags, FPA, PA, aren't normal. Maybe it is what you said, or poorly made software.
Does this blocked traffic impact something or not? If it does not, don't worry too much.
-
I don't know why these flags…
The blocked traffic is related to the Sophos antivirus updates, so I hope this software wasn't poorly made.
Usually there are no problems, but when the blocking of these packages occurs, there are significant delays in the AV updates and sometimes it isn't possible to connect to the server.