To view the report, go to the computer where the problem occurred. Results of packet capture below and firewall rule: Console> drop-packet-capture 'host X.X.X.X' If you want to pipe Unreplied's output into another application, like awk or sed, use -csv to have Unreplied output in CSV, which should be easier to parse. My users are understandably ready to throw IT out the window as well as the XG. By default, Unreplied will use the Contacts API to attempt to resolve phone numbers and email addresses into contact names.
I set this up with the help of two separate Sophos Engineers, because I have no experience with Sophos. Westphal <> TCP connections in UNREPLIED state (only SYN seen) can be kept alive indefinitely, as each SYN re-sets the timeout. It seems that the source IPs come in groups of 10 to 15 'as to defeat flood attack filters' with different ports. I have logged several tickets with support and have not gotten it fixed yet. On my firewall connections I see lots of un-replied source IPs with random ports to the destination 'my ip:53' with a corresponding CPU spike and slowed connection speeds. I have a rule that allows all traffic to this IP. Below is a packet capture showing what is happening. X.X.X.X is the IP address of the terminal server that they need to access. My users cannot function because the connection constantly stops responding.
Eventually Windows will give them the not responding error message and will close the window. The firewall throws violation errors and then their connection will freeze. They have several systems that they connect to and it is like remoting into a terminal services server. My users are experiencing the following issue.