We have just been testing our always-on VPN connection, which works great.

However, we have noticed that some staff have had issues connecting, and we ran this command on the firewall:

tail -f packetfilter.log | grep -i 

to see what was happening. It turns out that when connecting over a hotspot the source port was something like 30338, or just really high in the reserved port list.

So we have changed the NAT rule's matching condition so that the source port is 1:65535,

which is also the same for the action.

We also had to do this for port 4500 as well.

Just unsure whether this is OK and not a security risk...

As when connecting via, say, my ISP (Virgin), I can connect fine with no issues and so can my colleagues. However, one of them has created a test network at home and only modified his home ISP router to allow the ports above to be open, and when he tested with his hotspot it worked fine.

I can only assume it's the difference within the NAT protocols,

and that effectively I'm trying to force connections to come in via the source port, e.g. 500, and some providers don't like that??
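An added illustration of the diagnosis described in the post above (not code from the original poster or their firewall vendor): it replays a few constructed log lines through two emulated NAT matching conditions, the original one that expects the source port to equal the IKE destination port (500 or 4500) and the relaxed one that accepts source port 1:65535, and lists the clients whose source port was rewritten by a carrier NAT. The log line format, the addresses and the port numbers are all made up for the example; only the idea of inspecting source ports on UDP 500/4500 traffic comes from the post.

```python
"""Compare NAT rule matching conditions against constructed IKE/NAT-T log lines.

The log format below is a simplified, constructed one (UDP src:port -> dst:port ACTION),
not the real packetfilter.log layout. Addresses are from documentation ranges.
"""
import re

# Destination ports used by the VPN: IKE (UDP 500) and NAT-Traversal (UDP 4500).
IKE_PORTS = {500, 4500}

# Constructed sample: two clients connect with the expected source ports,
# one hotspot client arrives with carrier-NAT rewritten high source ports.
SAMPLE_LOG = """\
UDP 203.0.113.10:500 -> 198.51.100.5:500 ALLOW
UDP 203.0.113.10:4500 -> 198.51.100.5:4500 ALLOW
UDP 192.0.2.77:30338 -> 198.51.100.5:500 DROP
UDP 192.0.2.77:30339 -> 198.51.100.5:4500 DROP
UDP 203.0.113.22:500 -> 198.51.100.5:500 ALLOW
UDP 203.0.113.22:53 -> 198.51.100.9:53 ALLOW
"""

LOG_RE = re.compile(r"UDP (\S+):(\d+) -> (\S+):(\d+) (\w+)")


def parse(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, action = m.groups()
    return {"src": src, "sport": int(sport), "dst": dst,
            "dport": int(dport), "action": action}


def strict_match(entry):
    """Original rule (as the post describes it): source port must equal the IKE port."""
    return entry["dport"] in IKE_PORTS and entry["sport"] == entry["dport"]


def relaxed_match(entry):
    """Changed rule: source port anywhere in 1:65535, destination still 500/4500."""
    return entry["dport"] in IKE_PORTS and 1 <= entry["sport"] <= 65535


def summarise(log_text):
    """Count IKE flows each rule would match and list clients with rewritten source ports."""
    entries = [e for e in (parse(l) for l in log_text.splitlines()) if e]
    ike = [e for e in entries if e["dport"] in IKE_PORTS]
    rewritten = sorted({e["src"] for e in ike if e["sport"] not in IKE_PORTS})
    return {
        "ike_flows": len(ike),
        "strict_matched": sum(strict_match(e) for e in ike),
        "relaxed_matched": sum(relaxed_match(e) for e in ike),
        "source_port_rewritten_clients": rewritten,
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running it on the constructed sample shows the strict condition matching only the three flows whose source port equals the destination port, while the relaxed condition matches all five IKE/NAT-T flows; the hotspot client 192.0.2.77 is reported as the one whose source ports were rewritten, which is the pattern the post's `tail -f packetfilter.log | grep` check was used to spot.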
