Flex 200 and web server problems

CRP0499 Posts: 16  Freshman Member

I have a new Flex 200 and one web server behind it. I built my NAT (virtual server) and my security policy and it's still getting dropped when the traffic comes in.

At first, I thought it was because the device was on 443 for management so I reconfigured the device to use 8443 and that's working fine, but still, I can't get my web server (or my RRA) accessible from the outside.

Here's what I did:

I created an object for my external IP as a host.

I created an object for my internal IP as a host.

I created the NAT policies and the sec policy and applied them.

In the log, I'm seeing the traffic dropped with the message below:

Match default rule, DNAT Packet, DROP

I'm struggling on this one. Thanks

Accepted Solution

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 934  Zyxel Employee
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 500 Comments
    Answer ✓

    Hi @CRP0499 ,

    Greetings from the forum. From your statements, it sounds like you are missing a security policy.

    Please kindly check if you have a rule like this, at a higher priority:

    (Please check that the address is the real web IP; it may be a private IP.)

    Image 132.png

    If the issue still persists, please provide the config file by private message.

    Thank you

All Replies

  • CRP0499
    CRP0499 Posts: 16  Freshman Member

    That was it! Missing a WAN to LAN policy.
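
A minimal model of the failure in this thread, added as an example and not taken from the posts or from Zyxel: it assumes the virtual-server DNAT is applied before the security policy lookup, so the WAN-to-LAN rule has to match the server's internal address and sit above any broader rule. The addresses, zone and rule names, and the `evaluate` helper are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    dst_ip: str   # "any" or a single host address
    dst_port: int
    action: str   # "ALLOW" or "DROP"

# Constructed sample values (documentation and private address ranges).
EXTERNAL_IP, INTERNAL_IP = "203.0.113.10", "192.168.1.20"
VIRTUAL_SERVERS = {(EXTERNAL_IP, 443): (INTERNAL_IP, 443)}
ZONE_OF = {INTERNAL_IP: "LAN"}

def evaluate(pkt, rules):
    """Apply DNAT, then do a first-match policy lookup on the translated packet.

    Returns (action, matched rule name, whether DNAT was applied)."""
    key = (pkt.dst_ip, pkt.dst_port)
    dnat = key in VIRTUAL_SERVERS
    dst_ip, dst_port = VIRTUAL_SERVERS.get(key, key)
    dst_zone = ZONE_OF.get(dst_ip, "DEVICE")  # hypothetical zone for untranslated traffic
    for r in rules:  # list order is priority order
        if (r.src_zone == pkt.src_zone and r.dst_zone == dst_zone
                and r.dst_ip in ("any", dst_ip) and r.dst_port == dst_port):
            return r.action, r.name, dnat
    return "DROP", "default", dnat  # implicit default rule

INBOUND = Packet("WAN", EXTERNAL_IP, 443)
ALLOW_EXT = Rule("web-external", "WAN", "LAN", EXTERNAL_IP, 443, "ALLOW")
ALLOW_INT = Rule("web-internal", "WAN", "LAN", INTERNAL_IP, 443, "ALLOW")
BLOCK_ALL = Rule("block-wan", "WAN", "LAN", "any", 443, "DROP")

if __name__ == "__main__":
    cases = {"NAT only, no policy": [], "rule on external IP": [ALLOW_EXT],
             "rule on internal IP": [ALLOW_INT],
             "allow below a broader drop": [BLOCK_ALL, ALLOW_INT],
             "allow above a broader drop": [ALLOW_INT, BLOCK_ALL]}
    for label, rules in cases.items():
        print(f"{label:28} -> {evaluate(INBOUND, rules)}")
```

The first two cases reproduce the "Match default rule, DNAT Packet, DROP" outcome: the packet was translated, but no rule matched its post-NAT destination.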