This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Solved] - User error - UTM not accepting a firewall rule (or... I'm an idiot) help please

So this is basic

I'm setting up a firewall rule to allow specific VPN traffic

Here's the specific service definition


Attempting to setup a VPN, I get this...

Here are some of the same drops from the full firewall log


Why is this traffic getting blocked?

Key concern is the destination address.
Why is this traffic going to the network address?
This is an Android device so there  little hope of finding a rational adult there to assist.
I'm just hoping I can find some answers here.



This thread was automatically locked due to age.
  • I would try changing your protocol to either just TCP or UDP.

    UTM - 9.713-19 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SATA HDD | GB Ethernet x5

  • What are your interfaces / security zones ?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • The relevant interfaces are

    - WLAN1 which is the 10.2.0.1/16 net
    - External (WAN) which is a local ISP with gigabit fiber

  • I found a work-around which is not a solution.
    I can create a VPN while not connected to the UTM generated WLAN.
    Then  connect the phone to the WLAN.  The VPN remains stable, but I still cannot establish a new VPN connection on my Android phone using the UTM.

  • I created individual rules for TCP and UDP and saw no change.

  • Looks like you don't have a rule allowing traffic to the internal network.

    Ian

    XG115W - v19.5 GA - Home

    Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I can't think of traffic I would like reaching the internal network.  Can you give me an example of what this traffic might be?

  • I repeat my question: what are your interfaces / zones in relation to those interfaces

    What we know now: you have an interface "WLAN1" with 10.2.0.1 and I guess this should have /16 as mask.

    The you have "External WAN" with maybe a public address from your ISP

    rfcat_vk asked for an "Internal" LAN interface, which is normally used for a cabled network.

    If traffic from 10.2.1.7 to 10.2.0.1 is dropped, then you have something misconfigred with your subnet masks.

    With a /16 mask, 10.2.0.1 and 10.2.1.7 awould be in the same net and not cause any drops. Are these devices on the same interface?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.