Unable to open port /NAT on USG40W

Options
ice2921
ice2921 Posts: 7
First Anniversary First Comment
I have followed both of these guide to a "T" and my USG40W refuses to port forward:
https://mysupport.zyxel.com/hc/en-us/articles/360003880919--ZyWALL-USG-

How-to-open-ports-on-a-ZyWALL-USG-router-Port-Forwarding-NAT-
https://support.zyxel.eu/hc/en-us/articles/360001390934-NAT-Rule-Configuration-on-a-USG-Port-Forwarding-

I have checked and rechecked my objects and ports, but nothing seems to work in the logs I can see that traffic from expected IPs is trying to connect in because I get the following message:

notice
Security Policy Control
Match default rule, DROP [count=22]

There is definitely a policy at priority one that allows the appropriate service. What am i doing wrong here?

Accepted Solution

  • PeterUK
    PeterUK Posts: 2,735  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Check the port role and port you are connected too


All Replies

  • mMontana
    mMontana Posts: 1,302  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    NAT instruct your device about how manage the packages.
    Then security policy allows the traffic.

    If you will publish (even masked/with data replaced) both NAT and Security policies i could analyze it and make my suggestions.
  • PeterUK
    PeterUK Posts: 2,735  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    In the NAT rule have you left "source IP" to any?
  • ice2921
    ice2921 Posts: 7
    First Anniversary First Comment
    Options
    Yes, source IP is set to any.

  • ice2921
    ice2921 Posts: 7
    First Anniversary First Comment
    Options
    mMontana said:
    NAT instruct your device about how manage the packages.
    Then security policy allows the traffic.

    If you will publish (even masked/with data replaced) both NAT and Security policies i could analyze it and make my suggestions.
    Yes I am familiar on this concept and I am pretty sure its configured correctly

    NAT:


    Security policy:

    Preview
  • PeterUK
    PeterUK Posts: 2,735  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Check the port role and port you are connected too


  • ice2921
    ice2921 Posts: 7
    First Anniversary First Comment
    Options
    PeterUK said:

    Check the port role and port you are connected too


    What do you mean? 

  • PeterUK
    PeterUK Posts: 2,735  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    In config > network > interface that the device is connected to the port for Lan2


Security Highlight