Flex 200 and web server problems
Freshman Member
I have a new Flex 200 and one web server behind it. I built my NAT (virtual server) and my security policy and it's still getting dropped when the traffic comes in.
At first, I thought it was because the device was on 443 for management so I reconfigured the device to use 8443 and that's working fine, but still, I can't get my web server (or my RRA) accessible from the outside.
Here's what I did:
I created an object for my external IP as a host.
I created an object for my internal IP as a host.
I created the NAT policies and the sec policy and applied them.
In the log, I'm seeing the traffic dropped with the message below:
Match default rule, DNAT Packet, DROP
i'm struggling on this one. Thanks
Accepted Solution
-
Hi @CRP0499 ,
Greeting Form, From your statements it sould like you are missing a security policy.
Please kindly check if you have the rule like this and the higher priority:
(Please check the address is the real web IP, it may private IP)
If the issue still persist, please provide the config file by private message.
Thank you
0
Zyxel Employee
All Replies
-
Hi @CRP0499 ,
Greeting Form, From your statements it sould like you are missing a security policy.
Please kindly check if you have the rule like this and the higher priority:
(Please check the address is the real web IP, it may private IP)
If the issue still persist, please provide the config file by private message.
Thank you
0 -
That was it! Missing a WAN to LAN policy.
1
Categories
- All Categories
- 435 Beta Program
- 2.7K Nebula
- 176 Nebula Ideas
- 119 Nebula Status and Incidents
- 6.1K Security
- 431 USG FLEX H Series
- 299 Security Ideas
- 1.6K Switch
- 79 Switch Ideas
- 1.2K Wireless
- 44 Wireless Ideas
- 6.7K Consumer Product
- 276 Service & License
- 428 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 89 Security Highlight
