Unable to forward TCP 80 or 443 - all other DNAT rules working ok

Hello, I'm having a frustrating problem with forwarding TCP 80 & 443 to an internal server. No matter what I do, the firewall just keeps dropping the connection. I've got many other DNAT rules in place which work perfectly well, but anything I do with 80 & 443 is dropped.

Here's my DNAT rule, pretty straightforward.

The service group just contains the default HTTP and HTTPS definitions.

But as you can see...

2017:07:13-12:54:48 utm ulogd[4979]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:5f:86:92:8c:1a" dstmac="00:15:5d:1e:68:30" srcip="35.157.133.9" dstip="81.x.x.8" proto="6" length="60" tos="0x00" prec="0x00" ttl="51" srcport="39412" dstport="80" tcpflags="SYN" 

Rule 60001 default drop.  

It's exactly the same if I use 443 but all other DNAT rules work perfectly.

The only services running are:

Firewall

Application Control

Endpoint Protection

Remote Access (SSL VPN)

I've changed the SSL port to 4443.

Until recently I did have the web application firewall set up, which worked fine, but now I need to forward directly to the server.

Any ideas?

Thanks
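
Added example, not part of the original post: a small parser for the packetfilter log format quoted above that tallies drops by rule id and destination port. The chain labels for fwrule 60001/60002/60003 are an assumption based on the usual UTM default-drop numbering, which the post does not state, and the second sample line is constructed.

```python
import re
from collections import Counter

# Assumption (usual UTM numbering, not stated in the post): which built-in
# chain each default-drop rule id belongs to.
DEFAULT_DROPS = {
    "60001": "INPUT: packet was addressed to the firewall itself",
    "60002": "FORWARD: packet was routed/DNATed but no rule allowed it",
    "60003": "OUTPUT: packet was generated by the firewall",
}
HEAD_RE = re.compile(r"^(\S+) (\S+) ([\w-]+)\[\d+\]: ")
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

SAMPLE_LINES = [
    # Line quoted in the post.
    '2017:07:13-12:54:48 utm ulogd[4979]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:5f:86:92:8c:1a" dstmac="00:15:5d:1e:68:30" srcip="35.157.133.9" dstip="81.x.x.8" proto="6" length="60" tos="0x00" prec="0x00" ttl="51" srcport="39412" dstport="80" tcpflags="SYN"',
    # Constructed line for contrast (documentation addresses).
    '2017:07:13-12:55:02 utm ulogd[4979]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth1" srcip="198.51.100.7" dstip="192.0.2.10" proto="6" srcport="40111" dstport="3389" tcpflags="SYN"',
]

def parse_line(line):
    """Return the fields of one packetfilter log line as a dict, else None."""
    head = HEAD_RE.match(line)
    if head is None:
        return None
    event = dict(FIELD_RE.findall(line[head.end():]))
    if event.get("sub") != "packetfilter":
        return None
    event["timestamp"], event["host"] = head.group(1), head.group(2)
    return event

def explain_drop(event):
    """Name the chain for a default drop, or report the user rule id."""
    rule = event.get("fwrule", "?")
    return DEFAULT_DROPS.get(rule, "user-defined rule " + rule)

def summarize(lines):
    """Count dropped packets per (fwrule, dstport), skipping other lines."""
    counts = Counter()
    for line in lines:
        event = parse_line(line)
        if event and event.get("action") == "drop":
            counts[(event.get("fwrule", "?"), event.get("dstport", "-"))] += 1
    return counts

if __name__ == "__main__":
    for (rule, port), n in summarize(SAMPLE_LINES).items():
        print(rule, port, n, explain_drop({"fwrule": rule}))
```

Under that assumption, a drop on 60001 for a port that should be forwarded means the packet reached the INPUT chain with its original destination, so the DNAT rule did not match it as written.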


