ATP200 issue - Trafic blocked

Hi,

I have an issue with ATP200, this firewall blocks mostly all the trafic even I don't have any active security rules activated. I didn't touch any rules, it was working fine before and since a couple of days I have these in my logs :

2024-02-20 16:24:11Security policy192.168.1.14856671216.239.32.117443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.14856645216.58.212.163443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.1485667252.168.112.66443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.1485667313.89.179.11443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.1485667252.168.112.66443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP2024-02-20 16:24:11Security policy192.168.1.14856670142.250.185.78443Rule name=SF_CLIENT_POLICY_7b0235f4-7d36, TCP Port 443, DROP

These are the security default rules :

My firmware version is : V5.37(ABFW.1)

Please advice. Thank you.

All Replies

  • smb_corp_user
    smb_corp_user Posts: 159  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    (copy-pasting your log output for easy reading)

    Log entry Date

    Log Time

    Source policy type

    Source address

    Source port

    Destination address

    Port

    Rule descriptor (name, type, number)

    Rule identifier

    Rule port type

    Rule action

    2024-02-20

    16:24:11

    Security policy

    192.168.1.148

    56671

    216.239.32.117

    443

    Rule name=SF_CLIENT_POLICY_7

    b0235f4-7d36

    TCP Port 443

    DROP

    2024-02-20

    16:24:11

    Security policy

    192.168.1.148

    56645

    216.58.212.163

    443

    Rule name=SF_CLIENT_POLICY_7

    b0235f4-7d36

    TCP Port 443

    DROP

    2024-02-20

    16:24:11

    Security policy

    192.168.1.148

    56672

    52.168.112.66

    443

    Rule name=SF_CLIENT_POLICY_7

    b0235f4-7d36

    TCP Port 443

    DROP

    2024-02-20

    16:24:11

    Security policy

    192.168.1.148

    56673

    13.89.179.11

    443

    Rule name=SF_CLIENT_POLICY_7

    b0235f4-7d36

    TCP Port 443

    DROP

    2024-02-20

    16:24:11

    Security policy

    192.168.1.148

    56672

    52.168.112.66

    443

    Rule name=SF_CLIENT_POLICY_7

    b0235f4-7d36

    TCP Port 443

    DROP

    2024-02-20

    16:24:11

    Security policy

    192.168.1.148

    56670

    142.250.185.78

    443

    Rule name=SF_CLIENT_POLICY_7

    b0235f4-7d36

    TCP Port 443

    DROP

  • smb_corp_user
    smb_corp_user Posts: 159  Master Member
    First Anniversary 10 Comments Friend Collector First Answer

    Looking at your last security policy rule entry, it looks like all traffic is blocked:

    Action

    Protocol

    Source

    Destination

    Port dst

    Schedule

    Description

    Deny

    Any

    Any

    Any

    Any

    Always

    Default rule

    I am not 100% sure, but it looks like there is a default rule to block all traffic. Maybe it needs to be modified to block only unwanted port traffic or IP addresses?

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 752  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Fanta88 ,

    Greeting Forum,

    Please kindly provide your org name by Private message also grant zyxel support access.

    We would do the check.

    Thank you

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 752  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Fanta88 ,

    I think you already open a ticket to local support.

    We're checking on it.

    Thank you

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 752  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi @Fanta88 ,

    We already solved the issue

    Please kinldy check if those clients works.Thank you

Security Highlight