Flex 200 and web server problems

Options
CRP0499
CRP0499 Posts: 16  Freshman Member
First Anniversary 10 Comments

I have a new Flex 200 and one web server behind it. I built my NAT (virtual server) and my security policy and it's still getting dropped when the traffic comes in.

At first, I thought it was because the device was on 443 for management so I reconfigured the device to use 8443 and that's working fine, but still, I can't get my web server (or my RRA) accessible from the outside.

Here's what I did:

I created an object for my external IP as a host.

I created an object for my internal IP as a host.

I created the NAT policies and the sec policy and applied them.

In the log, I'm seeing the traffic dropped with the message below:

Match default rule, DNAT Packet, DROP

i'm struggling on this one. Thanks

Accepted Solution

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 798  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @CRP0499 ,

    Greeting Form, From your statements it sould like you are missing a security policy.

    Please kindly check if you have the rule like this and the higher priority:

    (Please check the address is the real web IP, it may private IP)

    If the issue still persist, please provide the config file by private message.

    Thank you

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 798  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Hi @CRP0499 ,

    Greeting Form, From your statements it sould like you are missing a security policy.

    Please kindly check if you have the rule like this and the higher priority:

    (Please check the address is the real web IP, it may private IP)

    If the issue still persist, please provide the config file by private message.

    Thank you

  • CRP0499
    CRP0499 Posts: 16  Freshman Member
    First Anniversary 10 Comments
    Options

    That was it! Missing a WAN to LAN policy.

Security Highlight