Details:
SG135w running 9.405-5
wifi and eth1 bridged for "Son" - DHCP running on this interface = 192.168.0.0 - goes out to a switch and feeds his side of the building
eth7 configured for "Dad" - NO DHCP (Dad has a domain controller that handles DHCP - 192.168.1.0) - goes into a switch and feeds his side of the building
Webfilter running with both Dad and Son in the allowed network lists
Son wants his PC and phone unblocked. Created definitions / fixed IPs for devices - dropped them in the Skip Transparent Mode container and boom they work.
Linux (Ubuntu) device on Dad's network needs to be unblocked. I added device definition as a host with IP 192.168.1.23 - later added MAC to the descriptor as well.
I dropped device into Skip Transparent Mode Source Hosts/Nets and the device still has ports being blocked.
Created firewall rule allowing device 192.168.1.23 using any service to go to WAN and then later to ANY, but ports are still being blocked.
Turned off webfiltering on Dad and issues still exist.
I was going to add all of the destination addresses manually to the "Skip Transparent Mode Destination Hosts/Nets" so I started with a full network of 216.187.127.0/24 and a few of the tests suddenly worked, but oddly 216.187.127.211:10799 and 216.187.127.211:10805 are still blocked. Those same ports are open on other addresses in that subnet. There are dozens of other destination addresses this box hits that I just don't want to have to type in manually if I don't have to. And even with typing in the destination, we still show ports blocked, so I'm hoping we can get this resolved with a source rule.
This is the first device we have tried to bypass webfiltering for on Dad's side of the office. Son has had several items / issues, but they have all been resolved by firewall rules, exception list tweaking, and the Skip Transparent Mode feature.
Are we going to have to turn on DHCP on eth7 / Dad to get this to work?
Thanks in advance.
Joel IV
Before tweaking destinations:
After tweaks: