Ghost traffic

nacho · October 2022

Hello,
I cannot access a service/port when the firewall (security policy) is enabled, but the traffic goes through when it is disabled.
However, I cannot see the traffic entry in the logs so I can whitelist it and reenable my firewall.

Kindly advise

Model: USG1100

Zyxel_Kevin · November 2022

Hi @nacho,

The asymmetric route led to the issue.

Create a policy based route on the L3 device where under the firewall to ensure the return traffic through the firewall.

The issue was resolved. Thanks your time.

Kevin

Zyxel_Kevin · October 2022

Hi @nacho,
Please check you don't have the rule such like Src:LAN DST:WAN ACT:Block
And kindly provide your configuration via Private Message.
I'll check and give the advice.
Thank you

nacho · October 2022

Okay i will send the configuration.
Actually it is WAN to DMZ

Zyxel_Kevin · October 2022

Hi @nacho,
I saw each WAN to DMZ rules have restricted destination IP.
If only specific address cannot pass , please check you have the rule for the destination addresses.

If the issue still we can have the remote session and please send your available time.
Thank you
Kevin

nacho · November 2022

Hi @Zyxel_Kevin
We can do on Friday(04/11/2022) - 9am gmt+1

Zyxel_Kevin · November 2022

Hi @nacho,
Please provide remote information at that time.
Thank you

Zyxel_Kevin · November 2022

Hi @nacho,

The asymmetric route led to the issue.

Create a policy based route on the L3 device where under the firewall to ensure the return traffic through the firewall.

The issue was resolved. Thanks your time.

Kevin

Ghost traffic

Accepted Solution

All Replies

Categories

Security Help Center