PDA

View Full Version : Traffic is being dropped by which rule?



Deaf_Null
2009-05-05, 03:23
Hi,

I've set up a UTM Edge X appliance at a customer site and I am unable to reach it either over SSH or HTTPS. We use a standard config that is working fine at 10 other customers.

I had a look in the Security Logs of the Edge device and I can see traffic is dropped from our source NOC to the Edge device (Port 18192, IKE 500, DNS etc.) and reason is Policy Rule 15 (WAN port -Internet-).

I am a bit puzzled now, is it being dropped because of rule 15 in our Smart Center main firewall (where we manage all the device centrally)? Or which rule is it referring to? can I find this rule in the UTM-1 Edge device itself? I also see the device 'offline' in the SmartCenter monitoring...I can not see traffic being dropped in our Tracker, hence, I see no traffic at all, only when I SSH or HTTPS to the device I see allowed traffic, but unable to reach the Edge...

Anybody?

Thanks.

serlud
2009-07-08, 03:58
It is rule of the policy with installed on this Edge. (if you use only one policy for all FWs and Edges than it is rule 15 on our SmartCenter)
Do you use an VPN S2S? then probable you should check vpn_route.conf on SmartCenter. (Aka accept clear traffic from NOC systems withour VPN)
Please also check libsw version on SmartCenter /should be the same ( or bigger) as firmware version.