Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 1948 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[6.311] Paket filter with rule on port range

trialrider
Hi there,

our ASG 220 is gone live and works fine. But some little things could be better...

In our Company we use SAP. Our firewall has a port range defined for. I created a service for SAP with this range on the ASG too. In next step I created a specified rule:

Source: Any
Service: SAP
Action: Allow
Destination: SAP-Router

I've choosen Any as source because we come in from the internet via VPN. the problem is, the rule doesn't work. If the service SAP set to a single port (3299) it works fine. Can anyone explain why?

Thanks for your answers and tips, tricks or hints.
-- 
Kind regards

Steffen Kother


This thread was automatically locked due to age.
  • 0
    That's weird, I've never had any port range problems like that before... Just to verify, both are defined with the same source port range and the same protocols?
  • 0 in reply to drees
    Hi drees,

    sorry for this late answer.

    The service for SAP was defined like that: source 1:65535, destination 3200:3302 and it doesn't work. I redefined the destination port to 3299 only and it works.

    Maybe there is an other pf rule making a break to the communication...

    I will check this.

    Kind regards, Steffen