Hi All,
I have a strange behaviour in the UTM packet filter.
We have an incoming connection which we have allowed as usual with this rule.
FW Rule:
Src: 172.24.nnn.nnn/16
DST: 10.0.bbb.bbb/24
TCP: 443
Incoming connections work, but the reply from 10.0.bbb.bbb:443 seems be to a new connection, as without allowing the 10.0.bbb.bbb:443 > 172.nnn.nnn.nnn:50243 the UTM blocks the reply.
08:07:03.081547 IP 172.nnn.nnn.nnn.50243 > 10.0.bbb.bbb.443: Flags [.], ack 28151, win 255, length 0
08:07:03.082191 IP 172.nnn.nnn.nnn.50243 > 10.0.bbb.bbb.443: Flags [P.], seq 61065:61356, ack 28151, win 255, length 291
08:07:03.082239 IP 172.nnn.nnn.nnn.50243 > 10.0.bbb.bbb.5080: Flags [P.], seq 61356:61719, ack 28151, win 255, length 363
08:07:03.082255 IP 10.0.bbb.bbb.5080 > 172.nnn.nnn.nnn.50243: Flags [.], ack 61719, win 1452, length 0
08:07:03.082597 IP 10.0.bbb.bbb.5080 > 172.nnn.nnn.nnn.50243: Flags [P.], seq 28151:28408, ack 61719, win 1452, length 257
08:07:03.082653 IP 10.0.bbb.bbb.5080 > 172.nnn.nnn.nnn.50243: Flags [P.], seq 28408:28415, ack 61719, win 1452, length 7
Default DROP TCP 10.0.bbb.bbb : 443
→ 172.nnn.nnn.nnn : 50243
[RST] len=40 ttl=63 tos=0x00 srcmac=7c:cccccccccc dstmac=00
Default DROP TCP 10.0.bbb.bbb : 443
→ 172.nnn.nnn.nnn : 50243
[RST] len=40 ttl=63 tos=0x00 srcmac=7c:cccccccc dstmac=00
Any Hint what’s going on there?
Greetings
This thread was automatically locked due to age.
