
RED Branches traffic drops due to firewall rule "0"

Hello,

 

Kindly help us, please. We have strange traffic drops on our RED branches: their connection to the HQ sometimes gets through, and sometimes you need to wait for some time; in other words, it is erratic. I see these logs and I am very sure that the firewall rule is implemented properly. Can anyone please help? We are losing business and the branches are on my shoulders.

The rule: RED ZONE TO HQ LAN ZONE -> ANY SERVICE - ALLOWED (I created an "any" rule for troubleshooting purposes because maybe I missed some ports, but we are still having the issue)

 



  • I would suggest doing a tcpdump on the shell. Invalid traffic is an indicator for "communication works on layers 1-4 but not on layers 5-7". So maybe RDP is not working because the RDP server is rejecting the clients.

    Go to the shell - Press 5 --> 3 (advanced shell).

    tcpdump -ni any port 3389 and host 'Insert client IP' 

    Restart the RDP Session - You should see the packets coming and going.

    Post your output here and we will try to help you understand what is happening.

    But, to be honest, if you have a critical case here, open a support case.
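As an added illustration of the diagnostic suggested in the reply above (this is not code from the original post, from Sophos, or from tcpdump itself): a small parser that reads the text output of `tcpdump -ni any port 3389 and host <client IP>` and sorts each client session into "SYN never answered" (a layer 3/4 problem such as a rule or conntrack drop) versus "TCP handshake completed, then the server closed it" (the layer 5-7 rejection the reply describes). It assumes `-n` output on Linux; newer tcpdump versions capturing on `any` print the interface name and an `In`/`Out` direction before `IP`, older ones print only `IP`, and both forms are handled. It also relies on the fact that on the `any` pseudo-interface a forwarded packet is seen twice, once `In` on the ingress interface and once `Out` on the egress one, so a SYN that is only ever seen `In` was dropped by the firewall itself. The interface names `red0`/`lan0`, the addresses, ports and timestamps in the embedded sample are constructed for the example.

```python
"""Classify tcpdump output for TCP/3389 into layer-3/4 vs layer-5/7 failures.

Added example for this thread; not code from the original posts, Sophos or tcpdump.
Assumes `tcpdump -n` on Linux with `-i any`. Sample capture below is constructed.
"""
import re
from collections import defaultdict

# One tcpdump line: timestamp, optional "<iface> In|Out" (newer tcpdump on -i any),
# then "IP src.sport > dst.dport: Flags [flags], ..." (IPv4, -n output only).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?:(?P<iface>\S+)\s+(?P<dir>In|Out)\s+)?"
    r"IP\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):\s+Flags\s+\[(?P<flags>[^\]]*)\]"
)

# Constructed sample: client 10.10.20.5 (branch) to RDP server 192.168.1.10 (HQ).
# Port 50001: handshake works, server resets after first data (layer 5-7 rejection).
# Port 50002: SYN arrives on red0 three times, never leaves on lan0 (firewall drop).
# Port 50003: SYN is forwarded but nothing ever comes back from the server.
# Port 50004: handshake and data both ways, healthy session.
SAMPLE_CAPTURE = """\
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:01:00.000100 red0  In  IP 10.10.20.5.50001 > 192.168.1.10.3389: Flags [S], seq 1000, win 64240, length 0
10:01:00.000150 lan0  Out IP 10.10.20.5.50001 > 192.168.1.10.3389: Flags [S], seq 1000, win 64240, length 0
10:01:00.000900 lan0  In  IP 192.168.1.10.3389 > 10.10.20.5.50001: Flags [S.], seq 5000, ack 1001, win 65535, length 0
10:01:00.000950 red0  Out IP 192.168.1.10.3389 > 10.10.20.5.50001: Flags [S.], seq 5000, ack 1001, win 65535, length 0
10:01:00.021000 red0  In  IP 10.10.20.5.50001 > 192.168.1.10.3389: Flags [P.], seq 1001:1020, ack 5001, win 64240, length 19
10:01:00.021050 lan0  Out IP 10.10.20.5.50001 > 192.168.1.10.3389: Flags [P.], seq 1001:1020, ack 5001, win 64240, length 19
10:01:00.022000 lan0  In  IP 192.168.1.10.3389 > 10.10.20.5.50001: Flags [R.], seq 5001, ack 1020, win 0, length 0
10:01:00.022050 red0  Out IP 192.168.1.10.3389 > 10.10.20.5.50001: Flags [R.], seq 5001, ack 1020, win 0, length 0
10:01:05.000000 red0  In  IP 10.10.20.5.50002 > 192.168.1.10.3389: Flags [S], seq 2000, win 64240, length 0
10:01:06.000000 red0  In  IP 10.10.20.5.50002 > 192.168.1.10.3389: Flags [S], seq 2000, win 64240, length 0
10:01:08.000000 red0  In  IP 10.10.20.5.50002 > 192.168.1.10.3389: Flags [S], seq 2000, win 64240, length 0
10:01:10.000000 red0  In  IP 10.10.20.5.50003 > 192.168.1.10.3389: Flags [S], seq 3000, win 64240, length 0
10:01:10.000050 lan0  Out IP 10.10.20.5.50003 > 192.168.1.10.3389: Flags [S], seq 3000, win 64240, length 0
10:01:15.000000 red0  In  IP 10.10.20.5.50004 > 192.168.1.10.3389: Flags [S], seq 4000, win 64240, length 0
10:01:15.000050 lan0  Out IP 10.10.20.5.50004 > 192.168.1.10.3389: Flags [S], seq 4000, win 64240, length 0
10:01:15.000800 lan0  In  IP 192.168.1.10.3389 > 10.10.20.5.50004: Flags [S.], seq 7000, ack 4001, win 65535, length 0
10:01:15.000850 red0  Out IP 192.168.1.10.3389 > 10.10.20.5.50004: Flags [S.], seq 7000, ack 4001, win 65535, length 0
10:01:15.020000 red0  In  IP 10.10.20.5.50004 > 192.168.1.10.3389: Flags [P.], seq 4001:4020, ack 7001, win 64240, length 19
10:01:15.020050 lan0  Out IP 10.10.20.5.50004 > 192.168.1.10.3389: Flags [P.], seq 4001:4020, ack 7001, win 64240, length 19
"""


def parse_capture(text):
    """Return a packet dict per line that looks like a TCP packet; skip banners etc."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        p = m.groupdict()
        p["sport"], p["dport"] = int(p["sport"]), int(p["dport"])
        packets.append(p)
    return packets


def _new_state():
    return {"syn_in": 0, "syn_out": 0, "dir_known": False,
            "synack": False, "data": False, "server_closed": False}


def _verdict(s):
    if s["syn_in"] == 0:
        return "NO_CLIENT_SYN"
    if not s["synack"]:
        if s["dir_known"] and s["syn_out"] == 0:
            return "SYN_DROPPED_BY_FIREWALL"   # layer 3/4: rule, conntrack, routing
        return "NO_SYN_ACK_FROM_SERVER"        # forwarded, but nothing came back
    if s["server_closed"]:
        return "HANDSHAKE_OK_SERVER_CLOSED"    # layer 5-7: the RDP server rejected it
    return "SESSION_OK"


def classify_capture(text, client_ip, server_port=3389):
    """Map (client_ip, client_port, server_ip) -> verdict for every client session."""
    sessions = defaultdict(_new_state)
    for p in parse_capture(text):
        if p["src"] == client_ip and p["dport"] == server_port:
            key, from_client = (p["src"], p["sport"], p["dst"]), True
        elif p["dst"] == client_ip and p["sport"] == server_port:
            key, from_client = (p["dst"], p["dport"], p["src"]), False
        else:
            continue
        s, flags = sessions[key], p["flags"]
        if p["dir"]:
            s["dir_known"] = True
        if from_client and "S" in flags:
            # On -i any a forwarded packet shows up In and then Out again;
            # a SYN that is only seen In was consumed by the firewall.
            s["syn_out" if p["dir"] == "Out" else "syn_in"] += 1
        if not from_client and "S" in flags and "." in flags:
            s["synack"] = True
        if "P" in flags:
            s["data"] = True                   # application payload was exchanged
        if not from_client and ("R" in flags or "F" in flags):
            s["server_closed"] = True
    return {key: _verdict(s) for key, s in sessions.items()}


if __name__ == "__main__":
    for (cip, cport, sip), verdict in sorted(classify_capture(SAMPLE_CAPTURE, "10.10.20.5").items()):
        print(f"{cip}:{cport} -> {sip}:3389  {verdict}")
```

To use it on a real capture, save the tcpdump output to a file and pass its contents and the branch client's IP to `classify_capture`. A run of `SYN_DROPPED_BY_FIREWALL` verdicts points at the firewall's own rule or connection-tracking decision; `HANDSHAKE_OK_SERVER_CLOSED` means the packets traverse the firewall fine and the RDP server itself is ending the session, which is the case the reply above suggests investigating.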

  • Thanks, I will follow your advice ASAP when our network is not in production. But why does the traffic sometimes flow? Is this a conntrack issue? Do I need to tweak the default idle conntrack session timeout, which is 4 hours on the XG? But sometimes the socket is not passing through even in less than an hour, so it doesn't make sense to adjust the 3-hour default. Also, FYI, we are not using an identity-based rule.
