Match default rule, DROP

Options
RBattaglia
RBattaglia Posts: 4 image  Freshman Member
First Comment Fourth Anniversary
in Security
Hello All,

I have a VPN100 that has been set up correctly with a service for the port I need to use to forward our accounting traffic to the server.  I have also created the Policy Control to allow it to go to the correct IP address and have created a NAT rule to allow it in.  But for some reason the default rule is constantly blocking it with 
Security Policy Control
Match default rule, DROP [count=3].  I don't know what I am doing wrong or missing.  I have now been on hold with Zyxel Support for almost an hour with anyone picking up - very frustrating.  Any suggestions would really help.

Accepted Solution

  • RBattaglia
    RBattaglia Posts: 4 image  Freshman Member
    First Comment Fourth Anniversary
    Answer ✓
    I was finally able to get through to a tech and found out that the settings for NAT rules are a bit different on the new VPN units versus the old USG ones.  I had the WAN in the wrong location in the rule.  All is working fine now.

All Replies

  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 1,539 image  Guru Member
    Zyxel Certified Network Administrator - Security Zyxel Certified Sales Associate 100 Answers 1000 Comments
    edited February 2022
    Hi @RBattaglia,
    You may check corresponding security policy to see if it matches the criteria From and To.
    Most fail case on mis    match security policy criteria zone setting From and To.
  • RBattaglia
    RBattaglia Posts: 4 image  Freshman Member
    First Comment Fourth Anniversary
    Answer ✓
    I was finally able to get through to a tech and found out that the settings for NAT rules are a bit different on the new VPN units versus the old USG ones.  I had the WAN in the wrong location in the rule.  All is working fine now.

Categories

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)