
UTM does what it wants with firewall rules

Hello everybody !

 

I'm turning to you because I have a problem with my UTM, more specifically with the firewall rules.

 

I have two networks, named "INFRA" and "SERVEUR".

In the INFRA network, I have some equipment that communicates with the server located in the SERVEUR network.

I defined a firewall rule granting access to the server on one port, the port used by the database (port no. 5432).

 

But, as you can see below, access is allowed one moment and denied the next (or vice versa).

Access denied:

Access granted (10 seconds later):

 

Here is the rule:

Moreover, the destination MAC address is not the same (the last two digits differ).

 

So, have you encountered this issue, and how can I solve it?

 

Thanks for your answers!

 

P.S.: my UTM is an SG310, firmware 9.506-2



  • The destination MAC should not change for one IP.

    Do you use some kind of load balancing or adapter teaming at the server?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • The server has neither load balancing nor adapter teaming configured, but it had two IP addresses (one "real" and one virtual, due to an IP address migration).

    I deleted the second one, and I'll keep you posted.

  • I read your logs as follows:

    • The successful packet matched Firewall rule number 3, and was allowed.   
    • The failed packet matched nothing, so the DEFAULT DROP rule was applied.

    Why would the second packet not match rule #3? Do you have a time-of-day restriction on rule number 3?

    The live logs are simplified. Review the end-of-day log for more complete information.

    The people in this forum are not Sophos, although Sophos may monitor and contribute on rare occasions. However, we have learned the product well enough to use it successfully. Some of the participants are also Sophos partners who sell the product. It is much better to use a headline that says "I do not understand and I am frustrated" than to use a headline that says "This product is no good." It not only insults the product, it also insults those of us who think we have been successful with it.

    We know the problems in this product, and can help you with them when they appear. Important information is missing from the manual, and we have made it available in the Wiki and elsewhere in this forum. Random misbehavior is rare in any computer technology. I have not seen UTM misbehave randomly.
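The two replies above suggest the same triage: pull the full packetfilter log rather than the live log, then (a) find flows that were sometimes accepted by an explicit rule and sometimes hit the default drop, and (b) check whether one destination IP is showing up with more than one destination MAC. The script below is an added example, not code from the thread or from Sophos. The log lines are constructed; the key="value" field names (srcip, dstip, dstmac, fwrule, action, ...) and the use of fwrule 60001 as the default drop rule are assumptions that should be checked against your own end-of-day packetfilter log before relying on the output.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original post). The layout mirrors
# the key="value" style of the UTM packetfilter log; field names and the
# default-drop rule number are assumptions, verify against a real log.
SAMPLE_LOG = """\
2017:09:12-10:15:01 utm ulogd[4711]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" initf="eth1" outitf="eth2" srcmac="00:11:22:33:44:55" dstmac="aa:bb:cc:dd:ee:01" srcip="10.10.1.20" dstip="10.20.1.5" proto="6" srcport="49152" dstport="5432" tcpflags="SYN"
2017:09:12-10:15:11 utm ulogd[4711]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="00:11:22:33:44:55" dstmac="aa:bb:cc:dd:ee:02" srcip="10.10.1.20" dstip="10.20.1.5" proto="6" srcport="49153" dstport="5432" tcpflags="SYN"
2017:09:12-10:15:21 utm ulogd[4711]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" initf="eth1" outitf="eth2" srcmac="00:11:22:33:44:55" dstmac="aa:bb:cc:dd:ee:01" srcip="10.10.1.20" dstip="10.20.1.5" proto="6" srcport="49154" dstport="5432" tcpflags="SYN"
2017:09:12-10:16:05 utm ulogd[4711]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="5" initf="eth1" outitf="eth2" srcmac="00:11:22:33:44:66" dstmac="aa:bb:cc:dd:ee:01" srcip="10.10.1.30" dstip="10.20.1.9" proto="6" srcport="50000" dstport="443" tcpflags="SYN"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split one key="value" log line into a dict of its fields."""
    return dict(KV_RE.findall(line))


def parse_log(text):
    """Parse every packetfilter line in a log dump; other subsystems are skipped."""
    return [parse_line(l) for l in text.splitlines() if 'sub="packetfilter"' in l]


def flow_key(rec):
    # Source port is deliberately left out: each new client connection picks
    # a fresh one, and we want to compare verdicts for the same service flow.
    return (rec["srcip"], rec["dstip"], rec["proto"], rec["dstport"])


def flapping_flows(records, default_drop_rule="60001"):
    """Flows that were accepted by an explicit rule AND dropped by the default rule.

    Returns {flow_key: [accepting rule numbers]}. A flow that only ever hits
    one verdict is not interesting here; a flow that hits both is the
    "allowed one moment, denied the next" symptom from the thread.
    """
    verdicts = defaultdict(set)
    for r in records:
        verdicts[flow_key(r)].add((r["action"], r["fwrule"]))
    flapping = {}
    for key, seen in verdicts.items():
        accept_rules = {rule for action, rule in seen if action == "accept"}
        if accept_rules and ("drop", default_drop_rule) in seen:
            flapping[key] = sorted(accept_rules)
    return flapping


def mac_changes(records):
    """Destination IPs that appear with more than one destination MAC.

    Returns {dstip: [macs]}. As the first reply says, one IP should map to
    one MAC; more than one points at something answering for that IP
    (a second address, teaming, a load balancer, or a stale ARP entry).
    """
    macs = defaultdict(set)
    for r in records:
        macs[r["dstip"]].add(r["dstmac"])
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for flow, rules in flapping_flows(recs).items():
        print("flapping flow", flow, "accepted by rule(s)", rules, "and default-dropped")
    for ip, macs in mac_changes(recs).items():
        print("dstip", ip, "seen with MACs", macs)
```

Run it against a real end-of-day log with `parse_log(open("packetfilter.log").read())`; if the same flow turns up in both lists, the MAC finding is the one to chase first, since a rule with no schedule should give the same verdict every time for the same 5-tuple.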

  • This happens when the UTM is not the default gateway on the server. It doesn't know where to respond. I tested this with a DNAT rule. Maybe this can help you.