NAT-Rules require reboot for anything
Freshman Member
Type: USG FLEX 500H
FW: V.1.20(ABZH.1, 21.05.2024)
//edit. Seems to be the same as:
We recently replaced an ATP 200 with a USG500H Flex, and i preprogrammed the Firewall, before swapping it.
I Programmed about ~50 NAT Rules beforehand, and when i delivered the Firewall everything worked normally.
But last week i was supposed to change one of the NAT-Rules slightly, by changing the Source-Address this NAT-Rule applies to to a different one.
At the same time i modified the corresponding Firewall Rule, and tried it out, and it didn't work.
I changed the NAT-Rule and Firewall Rule back tested it, and it worked.
With the old IP
I created a new separate NAT and Firewall Rule at Position 1 to test it out from my own System.
Example:
Interface: ge1
Source-IP: [My Public IP]
External IP: any
Internal IP: [IP of a Fileserver]
Port Mapping Type: Service
Internal/External Service: SMB
Firewall Rule:
FROM: WAN
TO: LAN
Source: [My Public IP]
Destination: [IP of a Fileserver]
Service: SMB
User: any
Schedule: none
Action: allow
Log: log alert
I then tried to access the SMB via \\[Public IP of Firewall] to see what happens.
I didn't get a connection
The Policy did not generate any Hits nor were there any alert Logs in the Logfile.
But i showed up in the Logfile as getting Blocked by the default Policy Rule.
I was confused by this, and after experimenting a lot more i decided to just reboot the firewall.
After the reboot, the same NAT-Rule that didn't work suddendly worked.
Being confused, i tried some things.
Changes to existing NAT Rules do not apply, it still uses the old settings until reboot.
Deleted NAT Rules still apply until reboot.
Deactivating an active NAT Rule does not have an effect until reboot
Activating NAT Rules that have been disabled before Reboot can be activated, but don't work until reboot.
Newly Created NAT Rules do not apply until reboot.
The Reference on Object for NAT Rules only get added/removed after reboot.
For example i create this Example Object and put it in a rule. The reference does not show, even when Howering over the Object in the NAT Ruleset.
Anybody else experienced something like this?
All Replies
-
Yes! same here with a 200H, after about 6 rules, every change i made needs a reboot
0 -
It seems the new Firmware somewhat mitigated the Problem, but its still there.
I had a rule at Position 65, that didn't work, if i moved it up for example to Rule 10, then the NAT Rule suddendly worked.
It has been working until three weeks ago, which was shortly before the firewall auto-updated to the newest firmware.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight
