Firewall Rule "DROP" not working

Hi Sir Davide,

Good Day

Option 1:

Put these 2 Firewall rule into TOP

Option 2:

Do the Web Protection Policy was enabled?

Option 3:

See logs under Firewall Rule 

Thank you

PS
Im also a Newbie

Hi,

thanks for the reply.

Option 1:

i try it, but not working

Option 2:

Yes the Web Protection policy is enabled

Hi Sir Davide,

Good Day

Upon checking with your Firewall Rule

What does LAN-VOIP Network > ANY > ANY?
* Destination "ANY" allows all match traffic
* Much better to config like this if only traffic goes to internet 
* try this setup LAN-VOIP Network > ANY > IPV4
* Same as the other configurations

Then try to test if LANVOIP, INTERNAL and DMZ see each other

Thank you

Because the LAN_VOIP must has all services opened to the External WAN (the internal network NO), how can i edit the rule?

I try from the internal network to ping and IP of the LAN_VOIP and works. i discover now that only pings works, the others services no(fortunately). Why ping works?

Hi Sir,

Yes if all VOIP, DMZ and LAN network traffic ONLY goes to WAN

It is okay to config like this

VOIP > ANY > IPV4

DMZ > ANY > IPV4

LAN > ANY > IPV4

then try to delete those drop Policy  and make a tests again 
Hope to solve this problem with this solutions

Thank you

Let me suggest...

you have some NAT or VPN rules with Automatic Firewall rules enabled?
Please have a look into "ALL" Firewall rules (by useing DropDown) and compare all these automatic rules.

The automatic rules are ALWAYS used before the custom rules!

So you can't decline access if it was granted above. ;)

You didnt provide the log where this packets are allowed.

Is the UTM the only gateway for this networks? I mean, is there a switch behind UTM?

Ciao Davide, and welcome to the UTM Community!

Several things for you to learn...

Pinging is regulated on the 'ICMP' tab of 'Firewall'.  Disable 'Firewall forwards pings' and add Ping in the firewall ruleset.

The "Any" Service only includes TCP and UDP.  Ping and other IP Protocols are not included.

By default, all traffic is blocked, so your four firewall rules could be replaced by a single one:

LAN VOIP (Network), Internal (Network) -> Any, Ping -> Internet : Allow

You might be interested in a document I maintain that I make available to members of the UTM Community, "Configure HTTP Proxy for a Network of Guests."  If you would like me to send you this document, PM me your email address.  To see why, look at #2 in Rulz and also see Doug Foster's take on some of this: READ ME FIRST: UTM Architecture

Cheers - Bob

Mmmh i must check it and i will write you! :)