Unable to open port /NAT on USG40W

ice2921
ice2921 Posts: 7
First Anniversary First Comment
I have followed both of these guide to a "T" and my USG40W refuses to port forward:
https://mysupport.zyxel.com/hc/en-us/articles/360003880919--ZyWALL-USG-

How-to-open-ports-on-a-ZyWALL-USG-router-Port-Forwarding-NAT-
https://support.zyxel.eu/hc/en-us/articles/360001390934-NAT-Rule-Configuration-on-a-USG-Port-Forwarding-

I have checked and rechecked my objects and ports, but nothing seems to work in the logs I can see that traffic from expected IPs is trying to connect in because I get the following message:

notice
Security Policy Control
Match default rule, DROP [count=22]

There is definitely a policy at priority one that allows the appropriate service. What am i doing wrong here?

Accepted Solution

  • PeterUK
    PeterUK Posts: 2,654  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    Check the port role and port you are connected too


All Replies

  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    NAT instruct your device about how manage the packages.
    Then security policy allows the traffic.

    If you will publish (even masked/with data replaced) both NAT and Security policies i could analyze it and make my suggestions.
  • PeterUK
    PeterUK Posts: 2,654  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    In the NAT rule have you left "source IP" to any?
  • ice2921
    ice2921 Posts: 7
    First Anniversary First Comment
    Yes, source IP is set to any.

  • ice2921
    ice2921 Posts: 7
    First Anniversary First Comment
    mMontana said:
    NAT instruct your device about how manage the packages.
    Then security policy allows the traffic.

    If you will publish (even masked/with data replaced) both NAT and Security policies i could analyze it and make my suggestions.
    Yes I am familiar on this concept and I am pretty sure its configured correctly

    NAT:


    Security policy:

    Preview
  • PeterUK
    PeterUK Posts: 2,654  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    Check the port role and port you are connected too


  • ice2921
    ice2921 Posts: 7
    First Anniversary First Comment
    PeterUK said:

    Check the port role and port you are connected too


    What do you mean? 

  • PeterUK
    PeterUK Posts: 2,654  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer

    In config > network > interface that the device is connected to the port for Lan2


Security Highlight