FLEX500: Match default rule DNAT Packet, DROP
Options
Hello,
Can anybody explain that type of log like below:?
Match default rule DNAT Packet, DROP source: 192.168.100.12 --- dest.: 192.168.100.1
I haven't any NAT service to that subnet configured.
I have one NAT rule but destination address is in different subnet (different vlan)
0
All Replies
-
https://community.zyxel.com/en/discussion/3993/match-default-rule-dnat-packet-drop
Not sure how much it helps, but at least it can give you a little bit of insight to what the parts can be. You may also want to review the list of rules to see if any of them affect the NAT behaviour.1 -
Hi @tomeC,
Does your firewall have any interface binding subnet 192.168.100.X/24?
Moreover, please help to check if there are any physical cable attached between lan and wan switch.0 -
1. Yes, interface is in DMZ zone (base port also dmz)2. No, there is no physical cable between LAN and WAN
0 -
I found that CDR security service is a cause of it. After disabling there is no more problems. Actually that scope (192.168.100.X/24) belongs to vlan which is in Qarantine VLAN ID in CDR settings, but I cant remove it - can't set it to "none"?Can anybody explain this behaviour?0
-
0
Master Member
Zyxel Employee
Categories
- All Categories
- 390 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight
