DeanH  Freshman Member

Comments

  • Finally figured it out. I forgot that on the security policy, it wants to see the LAN1 port, not the WAN port as the Service. That is so confusing since I am used to a WAN rule utilizing WAN components (IP/ports), not LAN components (IP/ports).
  • I ended up removing the rule completely and rebuilding it again. It is now working. However, I found another rule that is for management access to the PBX that is also blocking the packets. On this one, I changed the service object from a specific port on the external side to match with the same port on the LAN1 side…
  • I have also rebooted it to see if that works, but no. Still blocking for some unknown reason. It is like the original rule is not being seen in the table and the default rule is catching the packets.
  • Hello all, PeterUK, thank you for that. I will keep that in mind if I get into that kind of jam. I have configs from older firmware versions just in case I need to figure out what it was versus what it now needs to be. Each time a new firmware comes out, I save a new version of the base config to make it easier. mMontana,…
  • mMontana is correct, I'm referring to brand new devices right out of the box. So, there is no issue going from 4.33 to 5.31 in one shot on a brand spanking new device? I'll try that on my next one and let y'all know. We ship out a couple a week, so it won't be long. Now, on one that is live and behind on firmware (you know…
  • Zyxel_Cooldia, thank you for your reply. That is what I thought.
  • Hello Zyxel_Cooldia, Thank you for your suggestion. I will try that next time. The problem on this one is that the customer rebooted it before calling us, so it reset whatever was occurring and cleared it before we got to look at it. Is there a way to run those commands and dump them to a file for long term storage for a…
  • Zyxel_Jeff, Thank you for the data. I had the external (WAN) port in the security rule instead of the internal (LAN) port. I swap from firewall to firewall throughout the day and I sometimes forget which ones want the external port and which want the internal port in the access rules/security policies. Admittedly, it is a…
  • Thank you Zyxel_Jeff. I had the external (WAN) port on the security policy rather than the internal (LAN) port. I had been switching them back and forth during troubleshooting and left it like that the last time. I jump between firewalls all day and sometimes forget which ones want the internal port on what appears to be…
  • Hello mMontana and Zyxel_Jeff, Thank you for your respective replies. mMontana, it has been my experience that when a policy rule is missing, the log shows the following error: "Match default rule, DROP". Zyxel_Jeff, I sent you the two requested files.
  • Yeah, it used to work on this unit. Just today it started not working for us. Thanks for the clarification on the source vs external IP.
  • For further data, here is the configuration of the NAT rule with possibly sensitive data replaced with variables < >:
      Enable Rule: checked
      Rule Name: <name of SSH rule>
      Port Mapping Type, Classification: Virtual Server
      Incoming Interface: wan
      Source IP: any
      External IP: any
      Internal IP: <PBX card IP>
      Port Mapping Type:…
  • I have triple checked the NAT and security policy. It is the same as before with the original external port. All the log tells me - with logging enabled - is the following: "Match default rule, DNAT Packet, DROP" That indicates the NAT rule is dropping the packet for some reason. I have even removed and re-added the NAT…
  • Yesterday afternoon, the WISP technician came by and checked the equipment and it was only negotiating 10 Mbps for him as well. He started by replacing the cable and adding a Network Interface Device (NID)/lightning suppressor. Once he did that, it negotiated to 1000 Mbps/full duplex as it should. And, I did not change the…