ATP800 firewall zone rule continues working after deleting VTI from zone

alexey
edited April 2023 in Security

ATP800.

Default policy denies all traffic.

Created a rule to allow all from ipsec to ipsec.

After deleting the VTI interface from zone ipsec and adding it to a new zone, traffic from this interface continues to go to ipsec.

Logs show that traffic goes via the rule ipsec to ipsec.

src="172.20.67.2:44714" dst="172.20.16.9:135" msg="priority:178, from IPSec_VPN to IPSec_VPN, TCP, service others, ACCEPT" note="ACCESS FORWARD" user="unknown" devID="aabbccddeeff" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="IPSec_VPN:IPSec_VPN" protoID=6 proto="others"

How could this be on firewalls?

Screenshots:

vti999, which is in zone cloud

goes to vti1 in zone ipsec

default rule to deny all

All Replies

  • Zyxel_James (Zyxel Employee)

    Hello @alexey,
    Do you mean that you have two VTIs that are located in different zones and the traffic between them should be denied by default rule but the logs show it has been allowed by the rule "IPSec_VPN to IPSec_VPN"?

    Please share your interface settings and the security policy for further checking, thanks.

    James

  • alexey

    Yes, I mean that.

    In the beginning these 2 VTIs were in 1 default ipsec zone.

    After I removed vti999 from the ipsec zone and added it to the new custom zone cloud, traffic did not start being blocked.

    It is accepted by the rule IPSec_VPN to IPSec_VPN.
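
An added example (not part of the thread, and not Zyxel code): a small parser for the log format quoted in the first post that flags accepted flows whose logged source zone differs from the zone the source address is expected to be in. The subnet-to-zone mapping and the second sample line are constructed assumptions; the thread names the zones but not the subnets.

```python
import ipaddress
import re

# Assumption: expected zone per source subnet after the VTI move. The thread
# names the zones but not the subnets, so this mapping is constructed.
EXPECTED_ZONE = {
    ipaddress.ip_network("172.20.67.0/24"): "cloud",
    ipaddress.ip_network("172.20.16.0/24"): "IPSec_VPN",
}

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare
MSG = re.compile(r'priority:(\d+), from (\S+) to (\S+),.*, (\w+)$')

def parse_line(line):
    """Split a log line into fields; pull priority, zones and action out of msg."""
    rec = {k: q or b for k, q, b in KV.findall(line)}
    m = MSG.search(rec.get("msg", ""))
    if not m or "src" not in rec:
        return None
    rec["priority"], rec["src_zone"], rec["dst_zone"], rec["action"] = m.groups()
    rec["src_ip"] = ipaddress.ip_address(rec["src"].rsplit(":", 1)[0])
    return rec

def expected_zone(ip):
    """Zone the address should be in according to EXPECTED_ZONE, else None."""
    return next((z for net, z in EXPECTED_ZONE.items() if ip in net), None)

def stale_zone_hits(lines):
    """Accepted flows whose logged source zone is not the expected one."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["action"] != "ACCEPT":
            continue
        want = expected_zone(rec["src_ip"])
        if want and want != rec["src_zone"]:
            hits.append((rec["src"], rec["dst"], rec["src_zone"], want, int(rec["priority"])))
    return hits

SAMPLE = [
    # Log line quoted in the thread.
    'src="172.20.67.2:44714" dst="172.20.16.9:135" msg="priority:178, from IPSec_VPN to IPSec_VPN, TCP, service others, ACCEPT" note="ACCESS FORWARD" user="unknown" devID="aabbccddeeff" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="IPSec_VPN:IPSec_VPN" protoID=6 proto="others"',
    # Constructed line: source address really is in the IPSec_VPN zone.
    'src="172.20.16.9:51000" dst="172.20.16.20:443" msg="priority:178, from IPSec_VPN to IPSec_VPN, TCP, service others, ACCEPT" note="ACCESS FORWARD" protoID=6 proto="others"',
]

if __name__ == "__main__":
    for src, dst, logged, want, prio in stale_zone_hits(SAMPLE):
        print(f"rule {prio}: {src} -> {dst} logged from {logged}, expected {want}")
```

Running it over an exported log shows which rule priority is still matching traffic under the old zone, which is the evidence worth attaching to a support case.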
