Flex 200 and web server problems
Freshman Member
I have a new Flex 200 and one web server behind it. I built my NAT (virtual server) and my security policy and it's still getting dropped when the traffic comes in.
At first, I thought it was because the device was on 443 for management so I reconfigured the device to use 8443 and that's working fine, but still, I can't get my web server (or my RRA) accessible from the outside.
Here's what I did:
I created an object for my external IP as a host.
I created an object for my internal IP as a host.
I created the NAT policies and the sec policy and applied them.
In the log, I'm seeing the traffic dropped with the message below:
Match default rule, DNAT Packet, DROP
i'm struggling on this one. Thanks
Accepted Solution
-
Hi @CRP0499 ,
Greeting Form, From your statements it sould like you are missing a security policy.
Please kindly check if you have the rule like this and the higher priority:
(Please check the address is the real web IP, it may private IP)
If the issue still persist, please provide the config file by private message.
Thank you
0
Zyxel Employee
All Replies
-
Hi @CRP0499 ,
Greeting Form, From your statements it sould like you are missing a security policy.
Please kindly check if you have the rule like this and the higher priority:
(Please check the address is the real web IP, it may private IP)
If the issue still persist, please provide the config file by private message.
Thank you
0 -
That was it! Missing a WAN to LAN policy.
1
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 165 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 365 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 263 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
