Unable to open port /NAT on USG40W

ice2921
ice2921 Posts: 7  Freshman Member
First Comment Second Anniversary
I have followed both of these guide to a "T" and my USG40W refuses to port forward:
https://mysupport.zyxel.com/hc/en-us/articles/360003880919--ZyWALL-USG-

How-to-open-ports-on-a-ZyWALL-USG-router-Port-Forwarding-NAT-
https://support.zyxel.eu/hc/en-us/articles/360001390934-NAT-Rule-Configuration-on-a-USG-Port-Forwarding-

I have checked and rechecked my objects and ports, but nothing seems to work in the logs I can see that traffic from expected IPs is trying to connect in because I get the following message:

notice
Security Policy Control
Match default rule, DROP [count=22]

There is definitely a policy at priority one that allows the appropriate service. What am i doing wrong here?

Accepted Solution

  • PeterUK
    PeterUK Posts: 3,771  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓

    Check the port role and port you are connected too


All Replies

  • mMontana
    mMontana Posts: 1,426  Guru Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Network Administrator - Switch 50 Answers 1000 Comments
    NAT instruct your device about how manage the packages.
    Then security policy allows the traffic.

    If you will publish (even masked/with data replaced) both NAT and Security policies i could analyze it and make my suggestions.
  • PeterUK
    PeterUK Posts: 3,771  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    In the NAT rule have you left "source IP" to any?
  • ice2921
    ice2921 Posts: 7  Freshman Member
    First Comment Second Anniversary
    Yes, source IP is set to any.

  • ice2921
    ice2921 Posts: 7  Freshman Member
    First Comment Second Anniversary
    mMontana said:
    NAT instruct your device about how manage the packages.
    Then security policy allows the traffic.

    If you will publish (even masked/with data replaced) both NAT and Security policies i could analyze it and make my suggestions.
    Yes I am familiar on this concept and I am pretty sure its configured correctly

    NAT:


    Security policy:

    Preview
  • PeterUK
    PeterUK Posts: 3,771  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Answer ✓

    Check the port role and port you are connected too


  • ice2921
    ice2921 Posts: 7  Freshman Member
    First Comment Second Anniversary
    PeterUK said:

    Check the port role and port you are connected too


    What do you mean? 

  • PeterUK
    PeterUK Posts: 3,771  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    In config > network > interface that the device is connected to the port for Lan2