Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 38 subscribers
  • Views 2616 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Simple firewall rules doesn't trigger

TheBard

I've recently updated to latest version (19), not sure if it's related.

I've added a simple rule to allow ssh between two machines in different vlans, but didn't work. I tried stripping down some restriction to Any-Any between the whole subnets and no user matching to try to troubleshoot it, but still no luck. Got literally dozens of similar rules, all working fine.

I am totally sawmped on what would be the reason the rule doesn't trigger at all and just gets ignored.

Anyone has a suggestion?

Here's the rule: (the two IP ranges are 172.21.10.0/24 as the source and 172.21.20.0/24 as the destination, and they work fine in other rules)

And some logs: (Rule #8 is a drop all and log as the very last rule)

And all the details of the topmost logs if it helps:
2022-05-20 02:03:28Firewallmessageid="00002" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="8" fw_rule_name="Drop All" fw_rule_section="Local rule" nat_rule_id="0" nat_rule_name="" policy_type="1" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="0" gw_name_reply="" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="2" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="LAG_01.10" in_display_interface="VLAN10_LN" out_interface="LAG_01.20" out_display_interface="VLAN20_EX" src_mac="fc:34:97:1e:77:6e" dst_mac="" src_ip="172.21.10.21" src_country="R1" dst_ip="172.21.20.5" dst_country="R1" protocol="TCP" src_port="53063" dst_port="22" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0" web_policy="Deny All"



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    where does the traffic go?
    I would suggest you change your zone to lan and where does the lag fit into this setup?
    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • +1 in reply to rfcat_vk

    I'm not using the default LAN zone anywhere, but the LN one is configured in the same way and is where the PC I'm using is. The other VLAN is the DMZ. Both VLANs have plenty of rules to interact with other VLANS that work just fine, for some reason that's the only one that wasn't working at all.  

    The LAG connects the PC where In installed sophos to the switch and is set as trunk. 

    Anyway, I solved it somehow. Deleted all the rules with VLAN20, deleted all IP and zone items, recreated them all copying everything from screenshots of the deleted ones and now it works.  I guess it's a win?



Reply
  • +1 in reply to rfcat_vk

    I'm not using the default LAN zone anywhere, but the LN one is configured in the same way and is where the PC I'm using is. The other VLAN is the DMZ. Both VLANs have plenty of rules to interact with other VLANS that work just fine, for some reason that's the only one that wasn't working at all.  

    The LAG connects the PC where In installed sophos to the switch and is set as trunk. 

    Anyway, I solved it somehow. Deleted all the rules with VLAN20, deleted all IP and zone items, recreated them all copying everything from screenshots of the deleted ones and now it works.  I guess it's a win?



Children
No Data
Unfiltered HTML