FLEX 100H firewall zone bug






We ran into some odd behavior that appears to be a bug on a FLEX 100H running the latest 1.32 firmware.
We have a firewall rule which blocks NetBIOS packets from ANY-to-WAN, and another rule which allows all packets from LAN-to-IPSec. For some reason, the ANY-to-WAN rule is blocking packets that are supposed to be sent over the VPN.
We can work around this issue if we reverse the order of these rules so the IPSec rule is above the ANY-to-WAN rule.
Why is the ANY-to-WAN rule blocking destination IPs which should be in the IPSec zone?
See screenshots below.
All Replies
-
Have seen this too
0 -
Hi @p4_greg
Could you enable the Zyxel support access for this site on Nebula and share an account for us to check this issue? I will send you a private message for the account info.
I did a local test in which my policy rules are the same as yours, but didn't see this issue.
Zyxel Melen
0 -
@Zyxel_Melen Is your test using Policy-based IPSec VPN or Route-based (VTI)?
We have seen this same issue on 2 different networks/routers using FLEX 100H on both sides of a Policy-based VPN.
These routers/networks are in production at our client's locations, so if you truly cannot re-create this issue in your lab I will likely have to set up some test units for you to look at.
0 -
Can confirm this is still an issue.
Tested on two different subnets, with both being /28.
If I disable the NetBIOS block rule 1, it connects fine; then, when enabled, it blocks NetBIOS, but it's for to WAN2, which is not true as it is going down the VPN, not out ge2 WAN2.
0 -
Hi Melen,
I set up a test environment, confirmed this is still an issue, enabled Zyxel Support Access setting on the organization and created a local firewall user for you to check.
I messaged you the details as requested.
0 -
Can also set up a test environment by test PC over TeamViewer if needed too.
0