We have about 90 servers behind the affected UTM9, all have an external interface and a dedicated dnat and snat entry to their internal IP. Actually everything is fine, a HA slave is attached.
But sometimes traffic gets dropped even though it's allowed.
Like some weeks ago I opened traffic for two external networks to an internal host with a paket filter rule, this worked fine. Today I added a new host IP to the allowed group, but traffic from this IP is dropped see below (IP/MAC addresses changed), traffic from over IPs in that group go through-
| 16:48:53 | Default DROP | TCP |
|
→ |
|
|
We had this issue before especially with incoming traffic from hosts that also are natted and reading BALfsons rules (don't find them anymore in the old forum) to not attach the internal IP to the internal Network but to any. This trick helped once, but not this time.
DNAT and SNAT is any to/from internal host_IP-
Intrusion Prevention is enabled (drop silently)
Any hints?
This thread was automatically locked due to age.
