Deleted firewall rule works even after reboot - XG106

Hi,

when you filter on 443 in logviewer which rule do see being used?
ian

Hi, thanks for your reply.

Unfortunately I can't see any entries for HTTPS. If I create the HTTPS rule again and activate logging, this rule is in use.

Hi,

so what that implies is the sessions were not ended or that you have another rule eg SSL/TLS inspection active. I find there is something odd with the sessions remaining after a reboot and the firewall rule deleted.

Ian

For testing purpose I have created a drop rule for HTTPS and put it at the first position.

The page still opens and the firewall logs "Allowed" for rule ID 8.

The rules are okay, we have another appliance with identical rules:
Disabling HTTPS: site unreachable
Rule condition drop: site unreachable

I think this is a bug. Maybe because we have restored this appliance from a backup?

For testing purpose I have created a drop rule for HTTPS and put it at the first position.

The page still opens and the firewall logs "Allowed" for rule ID 8.

The rules are okay, we have another appliance with identical rules:
Disabling HTTPS: site unreachable
Rule condition drop: site unreachable

I think this is a bug. Maybe because we have restored this appliance from a backup?

Hi,

that rule is fr incoming traffic, not outgoing traffic which is what I assumed your issue is?

Ian

Hi, once again, thanks for your reply.

My problem concerns incoming traffic, maybe I should have said about it.

Hi,

inthe XG administration tab do you ha e external access to https ticked?
otherwise you must have a rule of some sort allowing that traffic?
ian

Hi,

WAN-sided is external HTTPS administration disabled.
We have just a few rules and no other rule allows that traffic. As mentioded in a few posts earlier, another appliance with the same rules works as expected.

Greetings

Hi,

any chance the cables are in the wrong interfaces?
ian

Hi,

cables are plugged in correct (just a bridge port and one port for WAN).

For testing purpose I have disabled all firewall rules and everything still works.

Only if I disable the NAT rule HTTPS is inaccessible. But disabling the firewall rule should be enough, doesn't it?

The Nat rule is for internal to external traffic, not for wan to lan traffic.

ian

We have one rule for MASQ (LAN -> WAN) and one DNAT rule to the internal server (WAN HTTPS -> LAN).

Just to be sure. You have a NAT Rule (DNAT) from WAN to LAN (a Server) and this works without any Firewall Rule? 

If you delete your drop rule, which rule will be shown in Log viewer? 

Yes, that's correct.

If I delete the drop rule and create another one at the bottom for logging, this rule is in use.

Weird, isn't it?