Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Allgemeine Frage zu Diensten und Regel Freigabe für Telekom pbx 2.0 Telefonie

Hallo Zusammen,

ich beschäftige mich neu mit der XGS 107 und betreibe diese aktuell neu im eigenen Netzwerk.

Aufbau: Fritzbox --> XGS 107 --> Netzwerk

Jetzt komme ich schon zur ersten Herausforderung. Zusätzlich hätte ich noch allgemeine Fragen.

Die XGS ist soweit ganz neu. Standardregeln wurden im Zuge der Ersteinrichtung angelegt.

Soweit so gut, jetzt ist der Rechner meiner Frau (arbeitet im Homeoffice) ebenfalls eingebunden. Seit dem ich den Rechner über die XGS laufen lasse, verbindet sich der Webex Client  (Telekom) nicht mehr mit dem Telefonie-Server. Sobald ich ihn direkt an die Fritzbox hänge, läuft dieser wieder. 

Ok, hier muss ich eine Regel erstellen. Nach Prüfung des Logs, sehe ich jedoch nicht, was hier geblockt wird. Ich sehe hier nur folgenden Eintrag, der zeitlich in die Anfrage passt.

messageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" nat_rule_id="0" nat_rule_name="" policy_type="0" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="1" gw_name_reply="DHCP_Port2_GW" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="Port2" in_display_interface="Port2" out_interface="" out_display_interface="" src_mac="4c:52:62:0e:5a:0a" dst_mac="" src_ip="192.168.1.11" src_country="R1" dst_ip="192.168.1.255" dst_country="R1" protocol="UDP" src_port="137" dst_port="137" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"

Port 137 auf die Broadcast Adresse. 

Jetzt meine Frage. Wie bekomme ich raus, woran die Verbindung scheitert?

Wie behandelt die XGS Anfragen von Diensten die nicht definiert sind? 

Aktuell ist die Default Network Policy:

LAN beliebiger Host --> beliebiger Dienst --> WAN beliebiger Host 

ich hoffe meine Frage ist verständlich.

Freue mich für jegliche Hilfe.

Gruß



This thread was automatically locked due to age.
Parents Reply Children
  • HI Raphael,

    Thanks for your reply.

    This rule is currently active. As I understand it, every request from the LAN to the WAN (regardless of the service) should be allowed through, right?

    If I now start the Webex (Telekom) client, it also connects to all services, except for the voice server.

    According to the documentation, the following settings should be made for the web client

    The following settings are made in the firewall rule above

    In the log viewer I see (filtered by client PC IP) only the following packets that are rejected

    (no other drops oder rejections filtered with this IP)

    messageid="02002" log_type="Firewall" log_component="Appliance Access" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" fw_rule_name="" fw_rule_section="" nat_rule_id="0" nat_rule_name="" policy_type="0" sdwan_profile_id_request="0" sdwan_profile_name_request="" sdwan_profile_id_reply="0" sdwan_profile_name_reply="" gw_id_request="0" gw_name_request="" gw_id_reply="1" gw_name_reply="DHCP_Port2_GW" sdwan_route_id_request="0" sdwan_route_name_request="" sdwan_route_id_reply="0" sdwan_route_name_reply="" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="Port2" in_display_interface="Port2" out_interface="" out_display_interface="" src_mac="4c:52:62:0e:5a:0a" dst_mac="" src_ip="192.168.1.11" src_country="R1" dst_ip="192.168.1.255" dst_country="R1" protocol="UDP" src_port="138" dst_port="138" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0" log_occurrence="1" flags="0"

     

    Is it possible that one of the ports/services required above needs to be created?

    thanks for your help