TMobile CellSpot

I have a T-Mobile CellSpot, which is an internal network-connected device that creates a picocell for service in my house, which then goes over the internet to TMO.

It has a static address, but I cannot get it to boot and connect to the internet behind the XG.

I tried to set up a rule to NOT filter and only port forward, but it still won't connect.

Behind my UTM 9.3 it works.



  • Hi Dave,

    Have you created a rule to allow the LAN zone and T-Mobile CellSpot out to the internet? That rule allows traffic in but not out, by the looks of things. The other thing you can try is to check the "Create Reflexive Rule" button, which essentially creates a reverse rule.

    Cheers,

    Ben

  • I had the reflexive rule already checked. I added the following and it is still not working. These are ALL my rules.

  • Moved it to the TOP.

    Still getting the drop below...


    Date=2016-04-15 Time=10:58:07 log_id=0139021 log_type=Firewall log_component= log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port1 out_dev= inzone_id=1 outzone_id=2 source_mac=b4:ee:b4:d3:50:f1 dest_mac=00:01:2e:5a:96:03 l3_protocol=IP source_ip=10.1.1.23 dest_ip=208.54.73.1 l4_protocol=UDP source_port=4500 dest_port=4500 fw_rule_id=1 policytype=1 live_userid=4 userid=11 user_gp=2 ips_id=5 sslvpn_id=0 web_filter_id=6 hotspot_id=0 icap_id=0 app_filter_id=0 app_category_id=1 app_id=0 category_id=0 bandwidth_id=0 up_classid=7161395441051893760 dn_classid=0 source_nat_id=0 cluster_node=1 inmark=0 nfqueue=0 scanflags=253 gateway_offset=72 max_session_bytes=0 drop_fix=0 ctflags=1 connid=604045568 masterid=1974685344 status=0 state=414 sent_pkts=N/A recv_pkts=N/A sent_bytes=N/A recv_bytes=N/A tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A

  • Looks like an IPS thing... I can't stop this from triggering. I even created a blank IPS policy and it still triggers.

    Time                 Component   Action  User      Source                     Destination            Sig ID  Message                                         Category        Platform                                  Target  Severity  ID
    2016-04-15 20:18:34  Signatures  Drop    p0larlte  208.54.75.197 :UDP (4500)  10.1.1.23 :UDP (4500)  445     (snort_decoder) WARNING: MISC Large UDP Packet  Reconnaissance  BSD,Linux,Mac,Other,Solaris,Unix,Windows  Server  1         07002
    2016-04-15 20:08:20  Signatures  Drop    p0larlte  208.54.73.1 :UDP (4500)    10.1.1.23 :UDP (4500)  445     (snort_decoder) WARNING: MISC Large UDP Packet  Reconnaissance  BSD,Linux,Mac,Other,Solaris,Unix,Windows  Server  1         07002
  • Also, RULE #1 is the default out-everything rule. I have set it to NONE, LAN2WAN and my own blank Accept ALL policy... Can't figure out how to add the LTE modem as an exception.

  • STOPPING the IPS service worked. It allowed the CellSpot to boot even without specific rules, so it's the IPS service dropping it somewhere.

  • It's not uncommon for IPS to pick these things up. What do the IPS logs say?

    I've had to add an exception for my PS3, otherwise everything I try to download triggers IPS and gets stuck in a download loop!

  • Time                 Component   Action  User      Source                     Destination            Sig ID  Message                                         Category        Platform                                  Target  Severity  ID
    2016-04-16 13:32:48  Signatures  Drop    p0larlte  208.54.75.197 :UDP (4500)  10.1.1.23 :UDP (4500)  445     (snort_decoder) WARNING: MISC Large UDP Packet  Reconnaissance  BSD,Linux,Mac,Other,Solaris,Unix,Windows  Server  1         07002

    This is what it says when the IPS service is started. How do you add an exclusion for 1 host? That would be great.

  • Ben, how do I add an exception?

  • Anyone? Still running with IPS off :(

  • Hi David,

    Apologies for the delay. Create a Rule for the CellSpot to get out to the internet, have it higher than your general Web Browsing Rule. Then clone the WANtoLAN or LANtoWAN rule and tweak needed settings to make the CellSpot work.

    Sorry for the briefness of this message, I'm using a phone :-)

  • No problem. I have tried something similar, but when I clone the LANtoWAN rule I can't find the rule to disable. It's not anywhere in the Recon group. I can't find the large UDP rule to disable or allow???
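An added example that is not part of the thread and not code from Sophos or from any poster: it parses the denied firewall line and the IPS viewer records posted above and works out the narrowest IPS exception that would cover the drops, so IPS can stay on for everything else instead of being stopped. The firewall line is trimmed to the fields used; the IPS column names are an assumption based on the viewer's column order (source endpoint listed before destination). The 445 shown beside the message is, as far as I know, the Snort decoder event 116:445 for "MISC Large UDP Packet", which is a decoder alert rather than a category rule; treat that reading as an assumption.

```python
"""Correlate a Sophos XG 'Denied' firewall log line with IPS viewer records and
derive the narrowest IPS exception (host + port + signature) covering the drops.
Added example for this thread, not Sophos code. Inputs copied from the thread;
IPS column names are assumed from the viewer's column order."""
import re
from collections import defaultdict

# Firewall log line as posted, trimmed to the fields this script uses.
FIREWALL_DENIED = (
    "Date=2016-04-15 Time=10:58:07 log_id=0139021 log_type=Firewall "
    "log_component= log_subtype=Denied log_status=N/A log_priority=Alert "
    "in_dev=Port1 out_dev= inzone_id=1 outzone_id=2 l3_protocol=IP "
    "source_ip=10.1.1.23 dest_ip=208.54.73.1 l4_protocol=UDP "
    "source_port=4500 dest_port=4500 fw_rule_id=1 ips_id=5 "
    "tran_src_ip=N/A tran_src_port=N/A tran_dst_ip=N/A tran_dst_port=N/A"
)

# IPS log viewer output as posted: 13 lines per record, one field per line.
IPS_VIEWER_TEXT = """\
2016-04-15 20:18:34
Signatures
Drop
p0larlte
208.54.75.197 :UDP (4500)
10.1.1.23 :UDP (4500)
445
(snort_decoder) WARNING: MISC Large UDP Packet
Reconnaissance
BSD,Linux,Mac,Other,Solaris,Unix,Windows
Server
1
07002
2016-04-15 20:08:20
Signatures
Drop
p0larlte
208.54.73.1 :UDP (4500)
10.1.1.23 :UDP (4500)
445
(snort_decoder) WARNING: MISC Large UDP Packet
Reconnaissance
BSD,Linux,Mac,Other,Solaris,Unix,Windows
Server
1
07002
"""

# Assumed column names for the viewer output, in the order shown above.
IPS_COLUMNS = ["time", "component", "action", "user", "source", "destination",
               "sig_id", "message", "category", "platform", "target",
               "severity", "id"]

KV_RE = re.compile(r"(\w+)=(\S*)")                        # key=value, value may be empty
ENDPOINT_RE = re.compile(r"^(\S+)\s*:(\w+)\s*\((\d+)\)$")  # "ip :PROTO (port)"


def parse_firewall_line(line):
    """Split an XG key=value log line into a dict (empty values are kept)."""
    return dict(KV_RE.findall(line))


def flow_from_firewall(fw):
    """5-tuple (proto, src, sport, dst, dport) of the denied connection."""
    return (fw["l4_protocol"].upper(), fw["source_ip"], int(fw["source_port"]),
            fw["dest_ip"], int(fw["dest_port"]))


def parse_endpoint(text):
    """'208.54.73.1 :UDP (4500)' -> ('208.54.73.1', 'UDP', 4500)."""
    m = ENDPOINT_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised endpoint: {text!r}")
    ip, proto, port = m.groups()
    return ip, proto.upper(), int(port)


def parse_ips_viewer(text):
    """Turn the one-field-per-line viewer dump into a list of record dicts."""
    lines = [ln.rstrip() for ln in text.strip().splitlines()]
    width = len(IPS_COLUMNS)
    if len(lines) % width:
        raise ValueError(f"{len(lines)} lines is not a multiple of {width}")
    records = []
    for i in range(0, len(lines), width):
        rec = dict(zip(IPS_COLUMNS, lines[i:i + width]))
        rec["source"] = parse_endpoint(rec["source"])
        rec["destination"] = parse_endpoint(rec["destination"])
        records.append(rec)
    return records


def ips_drops_for(records, host, proto, port):
    """IPS 'Drop' records in which `host` is either endpoint on proto/port."""
    return [r for r in records if r["action"] == "Drop"
            and (host, proto, port) in (r["source"], r["destination"])]


def exception_scope(records, fw_line):
    """Narrowest exception covering every IPS drop that matches the denied flow:
    {(host, proto, port): {"signatures": {sig_id, ...}, "peers": {remote ip, ...}}}."""
    fw = parse_firewall_line(fw_line)
    proto, src, sport, _dst, _dport = flow_from_firewall(fw)
    scope = defaultdict(lambda: {"signatures": set(), "peers": set()})
    for r in ips_drops_for(records, src, proto, sport):
        peer = r["destination"] if r["source"][0] == src else r["source"]
        scope[(src, proto, sport)]["signatures"].add(r["sig_id"])
        scope[(src, proto, sport)]["peers"].add(peer[0])
    return dict(scope)


if __name__ == "__main__":
    recs = parse_ips_viewer(IPS_VIEWER_TEXT)
    for (host, proto, port), s in exception_scope(recs, FIREWALL_DENIED).items():
        print(f"{host} {proto}/{port}: exempt signature(s) {sorted(s['signatures'])} "
              f"for peers {sorted(s['peers'])}")
```

Run against the posted records, the output is one line: host 10.1.1.23, UDP/4500, signature 445, peers 208.54.73.1 and 208.54.75.197. That is the scope to aim for in whatever exception mechanism the firewall offers (a dedicated rule for the CellSpot host with the IPS policy relaxed only for that signature, or a policy that disables 445 and is attached only to that rule), which is considerably narrower than stopping the IPS service for the whole LAN.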
