
Firewall rule does not work.

Hello

 

I got an XG firewall, and after I saw weird traffic coming from a browser I added a firewall rule to block the suspicious traffic. But the traffic still flows; it does not care about the rule. How can that be?

The rule is added on top, and there is no other interference. I successfully operate this firewall with all other rules working. I just can't believe that.

 



This thread was automatically locked due to age.
  • Hi,

    Open logviewer and create a filter for the IP address of the device and see which firewall rule is allowing the traffic out.

    Ian

     

    Fixed spell checker mistake which made the sentence totally incorrect.

     
    V18.0.x - e3-1225v5 6gb ram on 4 port MB with AP55/c - 20w. 
    If a post solves your question use the 'This helped me' link.
  • Thanks for your reply. The problem is that the traffic is allowed, not disallowed. There is a drop traffic firewall rule on top, which is based on an IP range. The problem is that the rule stands there activated, but it's just ignored by the firewall, like it's nonexistent. I can add other rules, and they are all working as intended. Log Viewer and other tests prove it. Just this particular IP range won't get blocked by the firewall, for a reason I can't understand.

  • Tom,

    please share the firewall rules.

    Thanks

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

  • Thanks for your reply. I will post it soon. ATM very busy.

  • Hi Tom,

    It was supposed to say which rule is allowing the traffic out. I have since corrected the post.

    Which rule is allowing the traffic out?

    Ian

     
  • Well, it has been a long time. But now I just ran into another issue with a firewall rule not working. Now I can provide full info on this one:

    By using synchronized app control, I block pingsender.exe for example:

    But this guy still makes it through, via the firewall rule which allows outgoing traffic with an applied application rule, which should block pingsender.exe.

  • Thanks for the screenshot.

    Is decryption and scanning enabled?

    Luk


  • Yep, HTTPS is enabled.

  • The Diagnostic section -> Live activities lists pingsender, so it's recognized, but still allowed somehow:

     

    Additionally, the synchronized app control works in other cases. It blocks the apps without issues; just this one here gets through for an unknown reason. Thanks for your time.

  • Sorry for this step-by-step answer. Just trying to provide all the necessary info.

    The app path is accurate. The same one as in synchronized app control loads up, as shown by Procmon (Sysinternals).