
FOS18: Reject Rule is allowing traffic

Dear all,

I have just experienced a very strange issue in our XG running 18.0.0 GA-Build379. I have the two rules in place:

Rule 5: Allows HTTP & HTTPS from LAN to WAN
Rule 6: Log and Reject all traffic from LAN -> WAN and vice versa

1. When configuring the XG as explicit webbrowser on my client (xg:3128), I can access websites in WAN even though rule 5 does not allow tcp/3128 as a service.
2. Even more strange: The aforementioned access only works with rule 6 (Reject) being enabled!

You can see here in the logs that rule 6 is the one that allows access from the client to the webproxy on the XG - even though rule 6 has reject as action!!

If I disable rule 6 the client cannot access the webproxy anymore. The same happens if I change the rule action in rule 6 from Reject to Drop...

Any ideas?
Best Regards
Michael


