I just updated the firewall to the GA release of 18, and now my VPN appears busted. I can see the rule allows the traffic in, but it's blocking the traffic leaving.
2020-02-19 08:31:17 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="17" nat_rule_id="10" policy_type="1" user="bhawkins" user_group="Open Group" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="Windows Remote Desktop" app_risk="3" app_technology="Client Server" app_category="Remote Access" vlan_id="0" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="10.100.1.10" src_country="R1" dst_ip="172.16.24.2" dst_country="R1" protocol="TCP" src_port="3389" dst_port="54367" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Invalid TCP state." appresolvedby="Signature" app_is_cloud="0"
Rule 17 is an allow-all from VPN to LAN. All of this worked in 17.9. I'm tempted to roll back, as maybe there is an issue in the migration of firewall rules.