ATP200 issue - Trafic blocked
Hi,
I have an issue with ATP200, this firewall blocks mostly all the trafic even I don't have any active security rules activated. I didn't touch any rules, it was working fine before and since a couple of days I have these in my logs :
2024-02-20 16:24:11Security policy192.168.1.14856671216.239.32.117443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.14856645216.58.212.163443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.1485667252.168.112.66443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.1485667313.89.179.11443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.1485667252.168.112.66443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.14856670142.250.185.78443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP
These are the security default rules :
My firmware version is : V5.37(ABFW.1)
Please advice. Thank you.
All Replies
-
(copy-pasting your log output for easy reading)
Log entry Date
Log Time
Source policy type
Source address
Source port
Destination address
Port
Rule descriptor (name, type, number)
Rule identifier
Rule port type
Rule action
2024-02-20
16:24:11
Security policy
192.168.1.148
56671
216.239.32.117
443
Rule name=SF_CLIENT_POLICY_7
b0235f4-7d36
TCP Port 443
DROP
2024-02-20
16:24:11
Security policy
192.168.1.148
56645
216.58.212.163
443
Rule name=SF_CLIENT_POLICY_7
b0235f4-7d36
TCP Port 443
DROP
2024-02-20
16:24:11
Security policy
192.168.1.148
56672
52.168.112.66
443
Rule name=SF_CLIENT_POLICY_7
b0235f4-7d36
TCP Port 443
DROP
2024-02-20
16:24:11
Security policy
192.168.1.148
56673
13.89.179.11
443
Rule name=SF_CLIENT_POLICY_7
b0235f4-7d36
TCP Port 443
DROP
2024-02-20
16:24:11
Security policy
192.168.1.148
56672
52.168.112.66
443
Rule name=SF_CLIENT_POLICY_7
b0235f4-7d36
TCP Port 443
DROP
2024-02-20
16:24:11
Security policy
192.168.1.148
56670
142.250.185.78
443
Rule name=SF_CLIENT_POLICY_7
b0235f4-7d36
TCP Port 443
DROP
1 -
Looking at your last security policy rule entry, it looks like all traffic is blocked:
Action
Protocol
Source
Destination
Port dst
Schedule
Description
Deny
Any
Any
Any
Any
Always
Default rule
I am not 100% sure, but it looks like there is a default rule to block all traffic. Maybe it needs to be modified to block only unwanted port traffic or IP addresses?
0 -
Hi @Fanta88 ,
Greeting Forum,
Please kindly provide your org name by Private message also grant zyxel support access.
We would do the check.
Thank you
0 -
0
-
0
Master Member
Zyxel Employee
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 151 Nebula Ideas
- 98 Nebula Status and Incidents
- 5.7K Security
- 277 USG FLEX H Series
- 277 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 42 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 395 News and Release
- 85 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.6K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight
