Community discussions

MikroTik App
 
akarpas
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Tue Mar 20, 2018 4:46 pm

Mikrotik + Sophos XG FW Winbox blocked if APP filter applied

Thu Mar 18, 2021 3:59 pm

I'm gonna be short do not expect too many answers as this is not directly up to Mikrotik but more to Sophos but might be we have people who use Mikrotik with Sophos as well.
So scenario: Mikrotik router is an edge router / firewall + Sophos XG Firewall between Mikrotik and LAN in a transparent bridge mode.
The specific problem I have is that if I apply an APP filter on Sophos main firewall rule Mikrotik Winbox gets blocked even if I open port 8291.
If I search policy entries I can't see anything similar to what would be mentioned to block Winbox. So I'm not sure what way Winbox works.
If someone has any experience with this kind of crap let me know. And sorry for disturbing your time. :)
 
Cablenut9
Long time Member
Long time Member
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Re: Mikrotik + Sophos XG FW Winbox blocked if APP filter applied

Thu Mar 18, 2021 4:20 pm

Winbox is an app, so it makes sense that it would be blocked by whatever list the Sophos has for apps.
 
akarpas
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Tue Mar 20, 2018 4:46 pm

Re: Mikrotik + Sophos XG FW Winbox blocked if APP filter applied

Thu Mar 18, 2021 5:11 pm

Winbox is an app, so it makes sense that it would be blocked by whatever list the Sophos has for apps.
Where are several levels of policy with different app categories in it. The one I'm applying is level 5 considered the most dangerous apps on the net and winbox should not be in it.
I was able to trace it further and the inbox was considered as a P2P category app and is blocked.
 
akarpas
Member Candidate
Member Candidate
Topic Author
Posts: 177
Joined: Tue Mar 20, 2018 4:46 pm

Re: Mikrotik + Sophos XG FW Winbox blocked if APP filter applied

Thu Mar 18, 2021 5:38 pm

Found it.
Winbox app was concidered as:
Application Detail
Name Torrent Clients P2P
Category P2P
Risk Very High
Characteristics Excessive Bandwidth, Loss of productivity, Vulnerabilities, Transfer files, Transfer files
Technology P2P
Dependency None
Applicable on 16.01.0 Build 101 and above
Description Block P2P Torrent Clients (Bittorrent,uTorrent,Deluge,QBittorrent,Thunder7): A Torrent client is any program that implements the Torrent protocol. Ea ch client is capable of preparing, requesting, and transmitting any type of computer file over a network, using the protocol.To share a file or group of files, a peer first creates a small file called a "torrent" (e.g. MyFile.torrent). This file contains metadata about the files to be shared and abo ut the tracker, the computer that coordinates the file distribution. Peers that want to download the file must first obtain a torrent file for it and connect to the specified tracker, which tells them from which other peers to download the pieces of the file.

Need to contact Sophos to see what they can do not to block Winbox, and hope this info might be useful for other guys working with Mikrotik and Sophos.
 
msbr
just joined
Posts: 9
Joined: Thu Sep 17, 2015 10:30 pm
Location: Mendoza
Contact:

Re: Mikrotik + Sophos XG FW Winbox blocked if APP filter applied

Fri Apr 30, 2021 6:53 pm

Any Solution?
I have the same problem.
In Sophos XG 210, Winbock is bloqued in category Torrent Clients P2P
 
User avatar
Znevna
Forum Guru
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Mikrotik + Sophos XG FW Winbox blocked if APP filter applied

Fri Apr 30, 2021 7:50 pm

Since it's a Sophos problem, ask Sophos about it.

Who is online

Users browsing this forum: Benzebub, CoMMyz and 77 guests