This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Solved] - User error - UTM not accepting a firewall rule (or... I'm an idiot) help please

So this is basic

I'm setting up a firewall rule to allow specific VPN traffic

Here's the specific service definition


Attempting to setup a VPN, I get this...

Here are some of the same drops from the full firewall log


Why is this traffic getting blocked?

Key concern is the destination address.
Why is this traffic going to the network address?
This is an Android device so there  little hope of finding a rational adult there to assist.
I'm just hoping I can find some answers here.



This thread was automatically locked due to age.
Parents
  • Looks like you don't have a rule allowing traffic to the internal network.

    Ian

    XG115W - v19.5 GA - Home

    Test machine - Asus P10S-i E3-1225v5, 6gb, 4 intel NICs, v19.5 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I can't think of traffic I would like reaching the internal network.  Can you give me an example of what this traffic might be?

  • I repeat my question: what are your interfaces / zones in relation to those interfaces

    What we know now: you have an interface "WLAN1" with 10.2.0.1 and I guess this should have /16 as mask.

    The you have "External WAN" with maybe a public address from your ISP

    rfcat_vk asked for an "Internal" LAN interface, which is normally used for a cabled network.

    If traffic from 10.2.1.7 to 10.2.0.1 is dropped, then you have something misconfigred with your subnet masks.

    With a /16 mask, 10.2.0.1 and 10.2.1.7 awould be in the same net and not cause any drops. Are these devices on the same interface?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • I repeat my question: what are your interfaces / zones in relation to those interfaces

    What we know now: you have an interface "WLAN1" with 10.2.0.1 and I guess this should have /16 as mask.

    The you have "External WAN" with maybe a public address from your ISP

    rfcat_vk asked for an "Internal" LAN interface, which is normally used for a cabled network.

    If traffic from 10.2.1.7 to 10.2.0.1 is dropped, then you have something misconfigred with your subnet masks.

    With a /16 mask, 10.2.0.1 and 10.2.1.7 awould be in the same net and not cause any drops. Are these devices on the same interface?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children
No Data