This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG dropping traffic to 443

I have a firewall rule which allows traffic from LAN zone ANY host to WAN zone ANY host using the built-in HTTPS service. However, in XG logs, I see that some traffic from various devices in LAN zone is being denied going to TCP port 443, whereas other traffic is being allowed on the same port from same devices. Why is this happening? As far as I know, I have not setup any IPS or Application filter or web policy. What else do I check?

Thanks,

Arun

This thread was automatically locked due to age.

Parents

0 lferrara over 7 years ago

Arun,

show your firewall rule and check Patterns that are updated.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 ArunGupta over 7 years ago in reply to lferrara

Here is the rule:

As far as I can tell, patterns are updated.
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 7 years ago in reply to ArunGupta

Arun,

can you show the firewall logs?

Also can you share more details about your network?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 ArunGupta over 7 years ago in reply to lferrara

The network is:

Verizon FiOS ->Direct Ethernet Cable From ONT->XG Firewall (runs as a VM on a Dell PowerEdge T110 Server, VMWare ESXi 6.5)->Output from XG to DLink DGS1210 Managed Switch->All network devices
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 7 years ago in reply to ArunGupta

Arun,

thanks for sharing the ip. Please share also the IP/Network for each appliance (only internal IP). Is the XG deployed as Bridge or Routing?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 ArunGupta over 7 years ago in reply to lferrara

I am sorry, I did not quiet understand the question. Which appliance are you referring to? Also, how do I determine if XG is in bridge mode or routing mode?

Thanks,

Arun
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 7 years ago in reply to ArunGupta

Arun,

in order to help us you should provide inside the thread all the needed information about your installation.

So please share a network map with all router/firewall ip.

To understand how XG is deployed, share a screenshot of network > interface tab.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 ArunGupta over 7 years ago in reply to lferrara

So, here are lot more details:

Here is XG Network Interface setup. I do not use the GuestAP. I have removed the IP address assigned by Verizon:

Here is the setup in VMWare. I have removed the MAC addresses:

First, the input from Verizon to XG on the first physical NIC.

This is how the output from XG goes to other Virtual Machines and rest of the network. This is the second physical NIC.

This is how the DMZ physical NIC is configured:

I had exact same setup for UTM9 and it worked fine for years. The UTM9 never blocked any traffic that was not in supposed to be blocked in firewall rules.

Thanks,

Arun
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 7 years ago in reply to ArunGupta

Arun,

are you using the same IP as the previous UTM9 box?

If this is the case, pay attention with MAC-ADDRESS table on the other appliances.

Use a tcpdump to understand why the traffic is blocked.

Regards
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 lferrara over 7 years ago in reply to ArunGupta

Arun,

are you using the same IP as the previous UTM9 box?

If this is the case, pay attention with MAC-ADDRESS table on the other appliances.

Use a tcpdump to understand why the traffic is blocked.

Regards
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data