Unable to open port /NAT on USG40W

ice2921 · July 2022

I have followed both of these guide to a "T" and my USG40W refuses to port forward:
https://mysupport.zyxel.com/hc/en-us/articles/360003880919--ZyWALL-USG-

How-to-open-ports-on-a-ZyWALL-USG-router-Port-Forwarding-NAT-
https://support.zyxel.eu/hc/en-us/articles/360001390934-NAT-Rule-Configuration-on-a-USG-Port-Forwarding-

I have checked and rechecked my objects and ports, but nothing seems to work in the logs I can see that traffic from expected IPs is trying to connect in because I get the following message:

notice

Security Policy Control

Match default rule, DROP [count=22]

There is definitely a policy at priority one that allows the appropriate service. What am i doing wrong here?

PeterUK · July 2022

Check the port role and port you are connected too

mMontana · July 2022

NAT instruct your device about how manage the packages.
Then security policy allows the traffic.

If you will publish (even masked/with data replaced) both NAT and Security policies i could analyze it and make my suggestions.

PeterUK · July 2022

In the NAT rule have you left "source IP" to any?

ice2921 · July 2022

Yes, source IP is set to any.

Image: https://us.v-cdn.net/6029482/uploads/editor/2f/g7yno8ifwkex.png

ice2921 · July 2022

mMontana said:

NAT instruct your device about how manage the packages.
Then security policy allows the traffic.

If you will publish (even masked/with data replaced) both NAT and Security policies i could analyze it and make my suggestions.

Yes I am familiar on this concept and I am pretty sure its configured correctly

NAT:

Security policy:

Preview

PeterUK · July 2022

Check the port role and port you are connected too

ice2921 · July 2022

PeterUK said:

Check the port role and port you are connected too

What do you mean?

PeterUK · July 2022

In config > network > interface that the device is connected to the port for Lan2

Unable to open port /NAT on USG40W

Accepted Solution

All Replies

Categories

Security Help Center