Sophos Cluster SG210 - NAT Regel funktioniert nicht mehr

That's confusing, Arnold.  What do those IPs represent?

fwrule="60001" means the packet was blocked inbound to the dstip.  I would guess that this means you need another NAT rule or {UDP .:65535->12222} added to an existing one.  See #4 in Rulz (last updated 2021-02-16).

"60002" means the packet was blocked out of the FORWARD chain.  That is, you probably have a NAT rule that doesn't have automatic firewall rule enabled and you need a firewall rule.

MfG - Bob (Bitte auf Deutsch weiterhin.)

That's confusing, Arnold.  What do those IPs represent?

fwrule="60001" means the packet was blocked inbound to the dstip.  I would guess that this means you need another NAT rule or {UDP .:65535->12222} added to an existing one.  See #4 in Rulz (last updated 2021-02-16).

"60002" means the packet was blocked out of the FORWARD chain.  That is, you probably have a NAT rule that doesn't have automatic firewall rule enabled and you need a firewall rule.

MfG - Bob (Bitte auf Deutsch weiterhin.)

The mark is placed to automatic firewall rule and it worked this way for about 3 years and now it stopped working and I don't know why.

https://forcesync.forcenet.de/index.php/s/8C8e3KA296PJspg

Password: bWyY4jxP

Here some screenshots with the rule.

The ExtremeCloud server is in our datacenter and with this server we are managing the access points for our customers, port 2083 TCP is used by RADIUS and the port 12222 UDP is used in order to establish the capwap connection with the server, if this port doesn't function then I can't manage any of them. These incoming IPs are the access points trying to access the port on the server, my presumption is that the port UDP 12222 is being blocked and that's the cause for the timeout with the port 2083 because if the port 12222 is unable to establish the connection to the ExtremeCloud server then the RADIUS can't access the database in order to retrieve credentials from NPS server.

Please show pictures of the Edits of the related NAT rule(s).

MfG - Bob (Bitte auf Deutsch weiterhin.)

Hallo,

oben habe ich Euch einen Link geteilt, da gibt es Fotos mit der NAT Regel, reicht das ?

Danke.

besser wäre es, die Bilder hier einzufügen.

Stelle mal in der NAT Regel unter advanced ein, dass die initialen Pakete geloggt werden sollen.

Wie sieht das jetzt im LiveLog aus?

Der Haken war gesetzt als ich die Logs aufgerufen habe.

Hallo Arnold,

I use a Sandboxie sandbox for all external links.  We can't know if that external site is properly protected. The only malware I've gotten in over 10+ years was from an external link to a picture in this forum over 5 years ago.  As Dirk said, "besser wäre es, die Bilder hier einzufügen."

Everything in that link looks good, but I didn't see a rule for 2883 TCP.

MfG - Bob (Bitte auf Deutsch weiterhin.)