
DNAT rule goes through and drops in the same moment - that drives me crazy!

Hello, I have created a DNAT rule (NAT rule #1) for the port https/443 to an internal server. (Traffic from Internet: "Internet" = group from the Sophos default definitions: Internet IPv4 and Internet IPv6.)


In the firewall log I see that the packets are forwarded. But in the same moment the packets are also dropped!?



If I switch the DNAT rule off and on again, then the packets are forwarded without dropping?! Here comes the second crazy thing: the forwarding does its job until the external (WAN) interface connection is re-established after 24 hours. (In Germany, an Internet (VDSL) connection is disconnected every 24 hours.) Then the dropping of 443 starts again until I do the step I described.

 

I have already checked my other firewall rules, but here I have no rule for port 443/https that could cause the problem.

How can I find out which setting or rule is responsible for the behaviour? I don't want to manually turn the DNAT rule off and on every day :-(



  • Hi,

    You already know that this isn't normal behavior.  If Briain's suggestion doesn't fix this, please show us a line from the full Firewall log file corresponding to one of those blocks in the Live Log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
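Bob asks for the full Firewall log file line that matches a block seen in the Live Log. Finding that line by hand is tedious when accepts and drops for the same connection land in the same second, which is exactly the symptom described above. The following script is an added example, not code from the original thread or from Sophos: it parses the key="value" style that the UTM packetfilter log uses (assumed format), groups events by 5-tuple and timestamp, and reports flows that were both accepted and dropped within the same second together with the rule id of each decision. The log lines are constructed samples using RFC 5737 documentation addresses; the field names and the meaning of the high-numbered rule ids are assumptions stated in the comments.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumption: this mirrors the key="value" layout of
# /var/log/packetfilter.log on Sophos UTM; addresses are documentation ranges).
# The first two lines show the symptom from the thread: one SYN to port 443
# accepted by rule 1 and dropped by rule 60001 in the same second.
SAMPLE_LOG = """\
2019:04:17-10:15:32 utm ulogd[4321]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="eth1" srcip="203.0.113.5" dstip="192.0.2.10" proto="6" srcport="51234" dstport="443" tcpflags="SYN"
2019:04:17-10:15:32 utm ulogd[4321]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.5" dstip="192.0.2.10" proto="6" srcport="51234" dstport="443" tcpflags="SYN"
2019:04:17-10:15:40 utm ulogd[4321]: id="2000" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="2" initf="eth0" srcip="10.0.0.7" dstip="10.0.0.1" proto="6" srcport="40000" dstport="22" tcpflags="SYN"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')   # key="value" pairs
TS_RE = re.compile(r'^(\S+)\s+')          # leading timestamp token


def parse_line(line):
    """Return a dict of fields for a packetfilter line, or None for other lines."""
    m = TS_RE.match(line)
    if not m:
        return None
    fields = dict(KV_RE.findall(line))
    if fields.get("sub") != "packetfilter":
        return None
    fields["ts"] = m.group(1)
    return fields


def flow_key(f):
    """5-tuple that identifies one connection attempt."""
    return (f.get("srcip"), f.get("srcport"), f.get("dstip"),
            f.get("dstport"), f.get("proto"))


def rule_origin(fwrule):
    """Label a rule id. Assumption: ids in the 60000 range are the UTM's
    built-in rules (e.g. the default drop), lower ids are user-created rules."""
    try:
        return "built-in" if int(fwrule) >= 60000 else "user"
    except (TypeError, ValueError):
        return "unknown"


def find_accept_then_drop(log_text, dstport="443"):
    """Flows to dstport that were both accepted and dropped in the same second.
    Returns a list of dicts with the flow, timestamp and the rule id behind
    each decision, which is the line Bob asks for in the thread."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None or f.get("dstport") != dstport:
            continue
        events[(flow_key(f), f["ts"])].append(f)

    hits = []
    for (key, ts), evs in events.items():
        actions = {e.get("action"): e.get("fwrule") for e in evs}
        if "accept" in actions and "drop" in actions:
            hits.append({
                "flow": key,
                "ts": ts,
                "accept_rule": actions["accept"],
                "drop_rule": actions["drop"],
                "drop_rule_origin": rule_origin(actions["drop"]),
            })
    return hits


if __name__ == "__main__":
    for hit in find_accept_then_drop(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["flow"][0]}:{hit["flow"][1]} -> '
              f'{hit["flow"][2]}:{hit["flow"][3]} accepted by rule '
              f'{hit["accept_rule"]}, dropped by rule {hit["drop_rule"]} '
              f'({hit["drop_rule_origin"]})')
```

Run it against a copy of the real log instead of SAMPLE_LOG (for example `find_accept_then_drop(open("packetfilter.log").read())`) and paste the reported pair of lines into the thread; the `fwrule` of the drop is what identifies the rule, or built-in default, that is overriding the DNAT.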
  • I bet MasterRoshi is right that you've violated #3 in Rulz (last updated 2019-04-17), but if you want to recognize similar problems, post that Firewall log file line I asked for above.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

     

longtime security guru of the Sophos forum ;-) Thank you for many helpful comments in other discussions! That helped me to better understand firewall security. I've wanted to say this for a long time.


    Anyway. I checked the Rulez just before I opened up this discussion, and also a second time after the last update. But I can't find an error in my config.

     

In the meantime I reverted the changes to my firewall rules that I described in my reply to MasterRoshi (I changed destination back to "Any"). Now I will test the behavior with this change. But even if that works, it's not a resilient solution, because now I have a guest VLAN and no host from the management LAN should reach a host on the guest VLAN...

P.S.: Yes, I've already got your how-to "Configure HTTP Proxy for a Network of Guests", thanks again for that :-)
