
Firewall rule blocks packets although definition does not apply

Hi @ All,

I have just had the following not-so-funny experience.

The following rule should block all TCP80 and TCP443 traffic from some selected countries to the following WAN Interface IP (xxx.xxx.84.37).

 

Now, according to the logs, however, something completely different is blocked.

The blocked IP is not a part of the rule.

Also the destination port "65002".

?????????????????????    :-(

 

Hardware: XG330 HA

Software: SFOS 17.1.2 MR-2

 

Regards from Germany

 

Alexander Fuchs



This thread was automatically locked due to age.
  • Hi Alexander,

    My understanding is you can't block traffic from reaching an interface, because you would need a device outside of your XG to achieve this. The block country should drop/reject the packets from getting any further into the XG processing system. Also, why only 80 and 443, why not all services?

    Have you checked which country the address range is assigned to? Yes, I know you are in Germany, and maybe you have a sub range which is assigned to a country on your block list?

    Ian

  • Hi Rfcat,

     

    The sense of the rule is to block some "unwanted" countries from accessing a webshop application.

    The operator only delivers from Germany to Germany.

    I have intentionally created a separate rule to preserve the overview of the blocked traffic.

    The rule itself works fine; however, I see a lot of traffic in the logs which is blocked by this, although the conditions do not apply. … ???

     

    Regards from Germany

     

    Alexander
