TMobile CellSpot

Hi Dave,

Have you created a rule to allow the LAN zone and T-Mobile Cell Spot out to the internet? That rule allows traffic in but not out by the looks of thing? The other thing you can try is to check the "Create Reflexive Rule" button. Which essentially creates a reverse rule.

Cheers,

Ben

I had the reflexive already checked.  i added the following and still not working  these are ALL my rules.

Dave,

what a drop-packet-capture "host ip" will produce? Otherwise use a tcpdump to see what is happening on the connection for that ip/port.

Dave,

what a drop-packet-capture "host ip" will produce? Otherwise use a tcpdump to see what is happening on the connection for that ip/port.

Date=2016-04-13 Time=23:15:53 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev=Port1 inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=208.54.90.1 dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=6 policytype=2 live_userid=4 userid=11 user_gp=2 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1 connid=134283520 masterid=442713312 status=0 state=410 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

fw_rule_id=6 and user_gp=2....

The port seems correct. Can you disable the policy rule 6? Also can you share the rule where the port 4500 is allowed? I mean open the Policy rule and post the screenshot.

Thanks.

OK rule 6 disabled.  also the picture above is ALL the rules i have now.  rule ID 2 is where I port forward the 4500

with rule 6 disabled I now get this

Date=2016-04-13 Time=23:31:14 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev=Port1 inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=208.54.75.197 dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=1 policytype=1 live_userid=4 userid=11 user_gp=2 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1 connid=65792 masterid=1399558624 status=0 state=410 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

rule id 1 is my allow all out NO SCAN of any type

Hmmmm

You previous rule are not catched.

Check you config. How are you trying your wan to lan rule? Are you connected from another site?

dont know if I understand you totally.  i am inside on the LAN now with my CellSpot next to me.  

the only rules I have are in the picture above with the exception that rule #6 is now disabled.  

Create a Policy Rule wan to lan where source zone is WAN, source IP is 208.54.75.197, dest. zone is lan and dest ip=10.1.1.23 where protocol is UPD 4500 and see if it works.

I get this now

Date=2016-04-14 Time=00:22:13 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev= out_dev=Port1 inzone_id=1 outzone_id=2 source_mac= dest_mac= l3_protocol=IP source_ip=208.54.73.1 dest_ip=10.1.1.23 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=2 policytype=3 live_userid=4 userid=11 user_gp=2 ips_id=0 sslvpn_id=0 web_filter_id=0 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 source_nat_id=0 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=0 max_session_bytes=0 drop_fix=0 ctflags=1 connid=65800 masterid=1313074432 status=0 state=410 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

Hmmm  still not working.  any ideas?

Have you tried moving your allow all network rule from the bottom to the top?