TCP Retransmission between VLANs

asked 2020-04-16 10:10:22 +0000

woter

updated 2020-04-16 10:16:44 +0000


I have installed a new Sophos XG firewall on my network and I have an issue with packets being dropped due to "bad TCP" between two devices that reside on different VLANs.

In network terms, the current setup is rather convoluted and I'm hoping someone might be able to help analyse the packet capture, taken from the firewall, to determine the root cause.

The issue seems to be coming from the VMware Virtual Server Appliance (VCSA) which is hosted in VMware Workstation that runs on a physical Windows Server 2016 box. The network interfaces in question are teamed (LACP) and presented to VMware Workstation as a bridge. In turn, they are connected to a Cisco switch (SG300) where the two relevant switchports are LAG'd.

Every now and then a packet gets through, however, traffic is typically dropped from the VCSA to the ESX hosts. Sometimes the allow rule denies the packet with the message "Invalid TCP state".

As I said, rather convoluted, so here is a diagram: (I can't attach files yet).

If anyone can spare some time to analyse the capture, and share any insights, I'd be most grateful.

Although my current setup now uses Sophos XG, in the last two weeks, I've had the same issues with OPNsense and pfSense firewalls.

T. I. A.
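The two symptoms in the question (retransmissions, and an allow rule logging "Invalid TCP state") are both things you can triage from the capture itself before chasing the LACP/LAG setup. A stateful firewall logs an invalid state when it sees a data or ACK segment for a connection whose SYN never passed through it, which is the classic signature of a handshake that took another path (for example one LAG member or a bridge that the firewall did not see). The script below is an added example, not code from the original post or from Sophos, pfSense or OPNsense; it uses only the Python standard library, builds a small pcap in memory from constructed packets (the addresses 10.0.10.5, 10.0.20.7 and 10.0.20.8 are assumptions standing in for the VCSA and two ESX hosts), and then walks the capture the way a stateful firewall would, reporting retransmitted data segments and segments for which no SYN was captured. Point `analyze()` at the bytes of a real capture from the firewall to apply the same checks.

```python
"""Offline triage of a pcap for TCP retransmissions and for segments whose
connection the capture point never saw a SYN for (what a stateful firewall
reports as an invalid TCP state).

Added example, not code from the original post. Standard library only; the
sample pcap is constructed in memory so the script runs offline.
"""
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def build_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Ethernet/IPv4/TCP frame; checksums are left at zero (never transmitted)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip + tcp


def build_pcap(frames):
    """Classic little-endian libpcap file: global header, then one record per frame."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1587031822 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap(data):
    """Yield the raw frames of a little-endian, microsecond-resolution pcap."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap files are handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return the TCP fields of an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", frame[16:18])[0]  # IP total length
    t = 14 + ihl                                      # start of the TCP header
    sport, dport, seq, ack, doff, flags = struct.unpack("!HHIIBB", frame[t:t + 14])
    doff = (doff >> 4) * 4                            # TCP header length in bytes
    return {"src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "payload_len": total_len - ihl - doff}


def analyze(pcap_bytes):
    """Walk the capture like a stateful firewall; return (frame_no, verdict, flow) findings."""
    findings = []
    handshake_seen = set()   # flows whose SYN passed the capture point
    data_seen = set()        # (flow, sender, seq) of payload-bearing segments
    already_flagged = set()  # report a missing handshake once per flow
    for n, frame in enumerate(iter_pcap(pcap_bytes), 1):
        seg = parse_tcp(frame)
        if seg is None:
            continue
        flow = tuple(sorted([(seg["src"], seg["sport"]), (seg["dst"], seg["dport"])]))
        if seg["flags"] & SYN:
            handshake_seen.add(flow)
            continue
        if flow not in handshake_seen and flow not in already_flagged:
            # No state entry exists for this connection: this is the segment a
            # stateful firewall drops as an invalid TCP state when the SYN took
            # a path (other LAG member, bridge) it never saw.
            findings.append((n, "invalid_state", flow))
            already_flagged.add(flow)
        if seg["payload_len"] > 0:
            marker = (flow, seg["src"], seg["sport"], seg["seq"])
            if marker in data_seen:
                findings.append((n, "retransmission", flow))
            data_seen.add(marker)
    return findings


# Constructed sample: hypothetical VCSA and two ESX hosts on different VLANs.
VCSA, ESX_A, ESX_B = "10.0.10.5", "10.0.20.7", "10.0.20.8"
SAMPLE_PCAP = build_pcap([
    build_frame(VCSA, ESX_A, 40001, 443, 100, 0, SYN),
    build_frame(ESX_A, VCSA, 443, 40001, 500, 101, SYN | ACK),
    build_frame(VCSA, ESX_A, 40001, 443, 101, 501, ACK),
    build_frame(VCSA, ESX_A, 40001, 443, 101, 501, PSH | ACK, b"GET / HTTP"),
    build_frame(VCSA, ESX_A, 40001, 443, 101, 501, PSH | ACK, b"GET / HTTP"),  # retransmission
    build_frame(VCSA, ESX_B, 40002, 443, 9000, 1, PSH | ACK, b"mid-stream"),    # SYN never captured
])

if __name__ == "__main__":
    for frame_no, verdict, flow in analyze(SAMPLE_PCAP):
        print(f"frame {frame_no}: {verdict} {flow[0]} <-> {flow[1]}")
```

On a real capture, an `invalid_state` hit for VCSA-to-ESX traffic with no corresponding `retransmission` of the SYN means the handshake is reaching the hosts by another path; the next thing to check is which LAG member or bridge port carried the SYN, since a stateful firewall behaves the same way whichever vendor it comes from, matching the observation that OPNsense and pfSense showed the same symptom.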


