
UTM Blocks reply packet


Hi All,

I have a strange behaviour in the UTM packet filter.
We have an incoming connection which we have allowed as usual with this rule.

FW Rule:
Src: 172.24.nnn.nnn/16
DST: 10.0.bbb.bbb/24
TCP: 443

Incoming connections work, but the reply from 10.0.bbb.bbb:443 seems to be a new connection, as without allowing 10.0.bbb.bbb:443 > 172.nnn.nnn.nnn:50243 the UTM blocks the reply.


08:07:03.081547 IP 172.nnn.nnn.nnn.50243 > 10.0.bbb.bbb.443: Flags [.], ack 28151, win 255, length 0
08:07:03.082191 IP 172.nnn.nnn.nnn.50243 > 10.0.bbb.bbb.443: Flags [P.], seq 61065:61356, ack 28151, win 255, length 291
08:07:03.082239 IP 172.nnn.nnn.nnn.50243 > 10.0.bbb.bbb.5080: Flags [P.], seq 61356:61719, ack 28151, win 255, length 363
08:07:03.082255 IP 10.0.bbb.bbb.5080 > 172.nnn.nnn.nnn.50243: Flags [.], ack 61719, win 1452, length 0
08:07:03.082597 IP 10.0.bbb.bbb.5080 > 172.nnn.nnn.nnn.50243: Flags [P.], seq 28151:28408, ack 61719, win 1452, length 257
08:07:03.082653 IP 10.0.bbb.bbb.5080 > 172.nnn.nnn.nnn.50243: Flags [P.], seq 28408:28415, ack 61719, win 1452, length 7


    Default DROP    TCP    10.0.bbb.bbb:443 → 172.nnn.nnn.nnn:50243    [RST]    len=40    ttl=63    tos=0x00    srcmac=7c:cccccccccc    dstmac=00

    Default DROP    TCP    10.0.bbb.bbb:443 → 172.nnn.nnn.nnn:50243    [RST]    len=40    ttl=63    tos=0x00    srcmac=7c:cccccccc    dstmac=00




Any hint what's going on there?

Greetings



  • Do you see any problems with the connection?
    The dropped packet is an "RST" packet. This means "TCP session reset".
    This packet is often sent some time after the session has timed out ... if server and client don't close the TCP session properly.
    Normally everything works ... with these packets in the FW log.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
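As an added example (not part of this thread and not Sophos code) that ties the original trace to the explanation above: a late RST for a session whose state entry has already expired no longer matches any tracked connection and falls through to the default DROP. The script replays tcpdump lines into a minimal conntrack-style table with an idle timeout and then explains each "Default DROP" entry from a UTM-style log. The one-line log format with a leading timestamp, the sample addresses (RFC 5737 documentation ranges), the flow names and the 300-second timeout are constructed assumptions for this example, not UTM values or settings.

```python
"""Triage helper for 'Default DROP ... [RST]' firewall log entries.

Added example, not from the thread or from Sophos. It replays a tcpdump
trace into a minimal conntrack-style table (last time each 4-tuple was
seen) and then classifies each dropped packet from a UTM-style log:
a RST that arrives after the assumed idle timeout is the benign
"late reset" case described in the reply; other drops are flagged for review.
"""
import re
from dataclasses import dataclass

# tcpdump default output, e.g.
# "08:07:03.081547 IP 192.0.2.20.50243 > 198.51.100.10.443: Flags [.], ack 28151, ..."
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<sip>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dip>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)
# Constructed one-line rendering of the UTM live-log entry, with a timestamp
# prepended so it can be compared with the trace (assumed format).
FWLOG_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d) Default DROP (?P<proto>\w+) (?P<sip>[\d.]+) : (?P<sport>\d+)"
    r" → (?P<dip>[\d.]+) : (?P<dport>\d+) \[(?P<flags>[^\]]*)\]"
)

ASSUMED_IDLE_TIMEOUT = 300.0  # seconds; an assumption, not a UTM setting


def to_seconds(ts: str) -> float:
    """Convert HH:MM:SS[.ffffff] (same day) to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def flow_key(a_ip, a_port, b_ip, b_port):
    """Direction-independent key so client->server and server->client match."""
    return tuple(sorted([(a_ip, int(a_port)), (b_ip, int(b_port))]))


def build_flow_table(tcpdump_lines):
    """Return {flow_key: last_seen_seconds} from the accepted traffic in the trace."""
    last_seen = {}
    for line in tcpdump_lines:
        m = TCPDUMP_RE.match(line)
        if not m:
            continue
        key = flow_key(m["sip"], m["sport"], m["dip"], m["dport"])
        last_seen[key] = to_seconds(m["ts"])
    return last_seen


@dataclass
class Verdict:
    line: str
    category: str
    detail: str


def classify_drops(tcpdump_lines, fwlog_lines, idle_timeout=ASSUMED_IDLE_TIMEOUT):
    """Explain each DROP entry against the flows seen in the trace."""
    table = build_flow_table(tcpdump_lines)
    verdicts = []
    for line in fwlog_lines:
        m = FWLOG_RE.match(line)
        if not m:
            continue
        key = flow_key(m["sip"], m["sport"], m["dip"], m["dport"])
        t = to_seconds(m["ts"])
        if "RST" not in m["flags"]:
            verdicts.append(Verdict(line, "non-rst-drop", "not a reset; review the rule set"))
        elif key not in table:
            verdicts.append(Verdict(line, "rst-unknown-flow", "no prior traffic for this 4-tuple"))
        else:
            idle = t - table[key]
            if idle > idle_timeout:
                verdicts.append(Verdict(line, "late-rst",
                    f"flow idle {idle:.0f}s > timeout {idle_timeout:.0f}s; state entry expired, drop is expected"))
            else:
                verdicts.append(Verdict(line, "rst-within-timeout",
                    f"flow idle only {idle:.0f}s; state entry should still exist, investigate"))
    return verdicts


# Constructed sample data (RFC 5737 addresses), mirroring the thread's trace shape.
SAMPLE_TCPDUMP = [
    "08:07:03.081547 IP 192.0.2.20.50243 > 198.51.100.10.443: Flags [.], ack 28151, win 255, length 0",
    "08:07:03.082653 IP 198.51.100.10.443 > 192.0.2.20.50243: Flags [P.], seq 28408:28415, ack 61719, win 1452, length 7",
]
SAMPLE_FWLOG = [
    "08:15:40 Default DROP TCP 198.51.100.10 : 443 → 192.0.2.20 : 50243 [RST] len=40 ttl=63",
    "08:07:05 Default DROP TCP 198.51.100.10 : 443 → 192.0.2.20 : 50243 [RST] len=40 ttl=63",
    "08:16:00 Default DROP TCP 198.51.100.10 : 443 → 192.0.2.20 : 60001 [RST] len=40 ttl=63",
    "08:16:30 Default DROP TCP 203.0.113.5 : 41000 → 198.51.100.10 : 22 [SYN] len=60 ttl=54",
]

if __name__ == "__main__":
    for v in classify_drops(SAMPLE_TCPDUMP, SAMPLE_FWLOG):
        print(f"{v.category:20} {v.detail}\n    {v.line}")
```

The first sample DROP is the situation in the thread: the reset arrives minutes after the last data packet, so it is reported as a late RST on an expired state entry rather than a rule problem. A RST dropped only seconds after live traffic on the same 4-tuple, or a non-RST drop, is what actually deserves a look at the rule set.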

